cleantalk
Vulnerabilities and Security Researches

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress, CVE-2024-7354

CVE, Research URL

CVE-2024-7354

Home page URL

Security reports for Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

Application

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

Published on
Sep 02, 2024
Research Description
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
Min 3.8.6, max 3.8.10.
Status
vulnerable
Previous vulnerability researches
Ninja Forms Google Sheet Connector (48c876c4c37ae47cdbba572acd132e945788cdbd) , Jun 07, 2024
Ninja Forms Google Sheet Connector (CVE-2023-2333) , Jun 07, 2024
Styler for Ninja Forms (CVE-2024-10717) , Nov 14, 2024
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress (CVE-2024-43999) , Sep 01, 2024
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress (CVE-2021-24381) , Jun 06, 2024
New vulnerability
Login/Signup Popup ( Inline Form + Woocommerce ) (CVE-2025-50027) , Jun 22, 2025
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2025-49997) , Jun 22, 2025
Football Pool (CVE-2025-5490) , Jun 20, 2025
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025