Medium severity6.1NVD Advisory· Published Nov 15, 2018· Updated Jun 17, 2026
CVE-2018-19287
CVE-2018-19287
Description
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.3.18+ 1 more
- (no CPE)range: <3.3.18
- (no CPE)range: <3.3.18
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changeset/1974335/ninja-forms/trunk/includes/Admin/Menus/Submissions.phpnvdPatchThird Party Advisory
- www.exploit-db.com/exploits/45880/nvdExploitThird Party AdvisoryVDB Entry
- wordpress.org/plugins/ninja-forms/nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.