3 matches found
CVE-2026-15160
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...
CVE-2026-15161
The Ninja Forms - Excel Export plugin for WordPress (up to v3.3.6) is affected by a Stored XSS due to save_filter() storing raw $_POST['filter'] without capability check, nonce verification, or sanitization. The get_filter_row() code concatenates stored filter values into HTML attributes without ...
EUVD-2026-45136
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...