Unrated severityNVD Advisory· Published Jul 27, 2023· Updated Apr 28, 2026
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-37979
Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Affected products
1- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- patchstack.com/articles/multiple-high-severity-vulnerabilities-in-ninja-forms-pluginmitretechnical-description
- patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-reflected-cross-site-scripting-xss-vulnerabilitymitrevdb-entry
- packetstormsecurity.com/files/173983/WordPress-Ninja-Forms-3.6.25-Cross-Site-Scripting.htmlmitre
News mentions
0No linked articles in our index yet.