cleantalk
Vulnerabilities and Security Researches

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress, de4537020d7c9e36885cc1b5b28145cc99523699

CVE, Research URL

de4537020d7c9e36885cc1b5b28145cc99523699

Home page URL

Security reports for Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

Application

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

Published on
Sep 03, 2024
Research Description
Ninja Forms &#8211; The Contact Form Builder That Grows With You [ninja-forms] >= 3.8.6 - <= 3.8.10 WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS) <p>WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS)</p><p>Software: Ninja Forms</p><p>Link: https://wordpress.org/plugins/ninja-forms/#developers</p><p>Affected Version 3.8.6-3.8.10</p><p>Fixed in version 3.8.11 </p>
Affected versions
Min 3.8.6, max 3.8.10.
Status
vulnerable
Previous vulnerability researches
Ninja Forms Views &#8211; Display &amp; Edit Ninja Forms Submissions on your site frontend (CVE-2026-42741) , May 14, 2026
Ninja Forms Google Sheet Connector (CVE-2025-13136) , Dec 10, 2025
Ninja Forms Google Sheet Connector (CVE-2023-33999) , Jun 13, 2026
Ninja Forms Google Sheet Connector (f62006fa2935f40d13e2fe6b26a28ab5e43cf103) , Jun 16, 2026
Ninja Forms Google Sheet Connector (b7d9c54a-9a9a-48ad-bb78-e30340963236) , Jun 16, 2026
New vulnerability
Classified Listing – Classified ads &amp; Business Directory Plugin (CVE-2026-10779) , Jun 21, 2026
WP EasyPay &#8211; Square for WordPress (CVE-2026-56024) , Jun 20, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-9843) , Jun 20, 2026
WP Go Maps (formerly WP Google Maps) (CVE-2026-12238) , Jun 20, 2026
Media Library Assistant (CVE-2026-56012) , Jun 20, 2026