CVE-2018-19287
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
We have discovered 7,763 live websites that are affected by CVE-2018-19287.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 7,763 live websites (5.37% of Ninja Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 138 versions ( 50.00% of all versions) |
Details
- Published - Nov 15, 2018
- Updated - Aug 5, 2024
CVE References
CVE-2018-19287 usage by Country
 United States | 4,394 websites |
 Germany | 479 websites |
 France | 325 websites |
 GB | 322 websites |
 Australia | 182 websites |
 Netherlands | 163 websites |
 Spain | 152 websites |
 Italy | 119 websites |
 Canada | 117 websites |
 Russia | 116 websites |
CVE-2018-19287 usage by TLD
| .com | 4,009 websites |
| .org | 707 websites |
| .co.uk | 265 websites |
| .com.au | 260 websites |
| .net | 196 websites |
| .de | 175 websites |
| .nl | 149 websites |
| .ca | 136 websites |
| .fr | 100 websites |
| .ru | 92 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2018-19287
Top websites that are affected by CVE-2018-19287. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| *******.com | GB | ***,*** | |
| **********.**************.fr | France | ***,*** | |
| *********.jp |  Japan | ***,*** | |
| *************************.org | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ****************.cl | United States | ***,*** | |
| ************************.org | United States | ***,*** | |
| **********.com |  Nigeria | ***,*** |
FAQ
A total of 7,763 websites have been identified as vulnerable to CVE-2018-19287, discovered through global website indexing conducted by WebTechSurvey.
Ninja Forms is susceptible to CVE-2018-19287 vulnerability.
Ninja Forms versions before 3.3.18 are vulnerable to CVE-2018-19287.
Version 3.3.18 of Ninja Forms addresses the CVE-2018-19287 security vulnerability.