PT-2026-60709 · Saturday Drive · Ninja Forms - Excel Export
CVE-2026-15161
·
Published
2026-07-17
·
Updated
2026-07-17
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the save filter() AJAX handler storing the raw $ POST['filter'] array into a WordPress option via update option() without any capability check, nonce verification, or input sanitization, combined with the get filter row() method on the admin Excel Export screen concatenating the stored filter values (field key, condition, value) directly into HTML attributes without esc attr(). This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ninja Forms - Excel Export