Tom Standley

Name of the Vulnerable Software and Affected Versions: Ninja Forms plugin versions prior to 3.4.28 Description: The issue is related to a lack of escaping for submissions-table fields in the Ninja Forms plugin for WordPress. This could potentially lead to security issues, although specific details about exploitation or affected devices are not provided. Recommendations: For versions prior to 3.4.28, update to version 3.4.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the submissions table to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ninja Forms plugin versions prior to 3.4.27.1 Description: The issue allows for CSRF via services integration. Recommendations: For versions prior to 3.4.27.1, update to version 3.4.27.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ninja Forms plugin versions prior to 3.4.27.1 Description: The issue allows attackers to bypass validation via the `email` field. This can be exploited by attackers to potentially send unauthorized emails or bypass email-related security measures. Recommendations: For versions prior to 3.4.27.1, update to version 3.4.27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the email field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ninja-forms plugin versions prior to 3.4.24.2 **Description** The issue allows for Cross-Site Request Forgery (CSRF) with resultant Cross-Site Scripting (XSS). This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts. **Recommendations** For versions prior to 3.4.24.2, update to version 3.4.24.2 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation. Restrict access to sensitive areas of the plugin to minimize the risk of XSS attacks until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ninja Forms plugin version 3.4.22 **Description** The issue concerns Multiple Stored XSS vulnerabilities. These vulnerabilities can be exploited via parameters such as `ninja forms[recaptcha site key]`, `ninja forms[recaptcha secret key]`, `ninja forms[recaptcha lang]`, or `ninja forms[date format]`. **Recommendations** For Ninja Forms plugin version 3.4.22, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.