Unrated severityNVD Advisory· Published Jul 27, 2023· Updated Apr 28, 2026
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-37979
Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=3.6.25+ 1 more
- (no CPE)range: <=3.6.25
- (no CPE)range: n/a
Patches
Vulnerability mechanics
References
3- patchstack.com/articles/multiple-high-severity-vulnerabilities-in-ninja-forms-pluginmitretechnical-description
- patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-reflected-cross-site-scripting-xss-vulnerabilitymitrevdb-entry
- packetstormsecurity.com/files/173983/WordPress-Ninja-Forms-3.6.25-Cross-Site-Scripting.htmlmitre
News mentions
0No linked articles in our index yet.