CVE-2021-36827
WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerabilityAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".
We have discovered 19,264 live websites that are affected by CVE-2021-36827.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 19,264 live websites (13.33% of Ninja Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 211 versions ( 76.45% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jun 16, 2022
- Updated - Sep 16, 2024
Credits
- Asif Nawaz Minhas (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2021-36827 usage by Country
 United States | 9,632 websites |
 Germany | 1,585 websites |
 France | 1,058 websites |
 GB | 914 websites |
 Australia | 498 websites |
 Netherlands | 476 websites |
 Spain | 393 websites |
 Canada | 326 websites |
 Italy | 290 websites |
 Poland | 272 websites |
CVE-2021-36827 usage by TLD
| .com | 9,964 websites |
| .org | 1,167 websites |
| .co.uk | 717 websites |
| .com.au | 648 websites |
| .de | 581 websites |
| .nl | 468 websites |
| .net | 429 websites |
| .fr | 329 websites |
| .ca | 319 websites |
| .it | 245 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-36827
Top websites that are affected by CVE-2021-36827. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | **,*** | |
| *****************.de | Germany | **,*** | |
| ***********.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ********.com | France | ***,*** | |
| ***********************.com | United States | ***,*** | |
| ********.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ********.com | United States | ***,*** | |
| *******.com | United States | ***,*** |
FAQ
CVE-2021-36827 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Ninja Forms
A total of 19,264 websites have been identified as vulnerable to CVE-2021-36827, discovered through global website indexing conducted by WebTechSurvey.
Ninja Forms is susceptible to CVE-2021-36827 vulnerability.
Ninja Forms versions before, and including, 3.6.9 are vulnerable to CVE-2021-36827.