CVE-2023-37979

HIGH NUCLEI

Ninjaforms Ninja Forms < 3.6.26 - XSS

Title source: rule

Description

Unauthenticated reflected cross-site scripting (XSS) vulnerability in the Saturday Drive Ninja Forms Contact Form plugin, versions <= 3.6.25.

Exploits (5)

exploitdb WORKING POC
by Mehran Seifalinia · python webapps php
https://www.exploit-db.com/exploits/51644
nomisec WORKING POC 14 stars
by Mehran-Seifalinia · poc
https://github.com/Mehran-Seifalinia/CVE-2023-37979
github WORKING POC 2 stars
by Mehran-Seifalinia · python poc
https://github.com/Mehran-Seifalinia/CVE-Exploits/tree/main/2023/CVE-2023-37979
nomisec WORKING POC 2 stars
by d0rb · poc
https://github.com/d0rb/CVE-2023-37979

Nuclei Templates (1)

Ninja Forms < 3.6.26 - Cross-Site Scripting
MEDIUM VERIFIED by r3Y3r53
Shodan: http.html:/wp-content/plugins/ninja-forms/
FOFA: body=/wp-content/plugins/ninja-forms/

Scores

CVSS v3 7.1
EPSS 0.2399
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Details

CWE
CWE-79
Status published
Products (1)
ninjaforms/ninja_forms < 3.6.26
Published Jul 27, 2023
Tracked Since Feb 18, 2026