The Ninja Forms - Excel Export plugin for WordPress has a Stored Cross-Site Scripting vulnerability in versions up to and including 3.3.6. Authenticated attackers with subscriber-level access can inject web scripts. This vulnerability exists due to the save_filter() AJAX handler storing raw $_POST['filter'] array into a WordPress option without capability checks or input sanitization. The get_filter_row() [truncated]
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheet_export_tmp_name' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files to arbitrary locations on the server, which can be used to stage further attacks.
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference, allowing authenticated attackers with subscriber-level access to enumerate form IDs and download submission data. This could lead to potential data leaks, including names, email addresses, phone numbers, physical addresses, and other Personally Identifiable Information (PII) collected by site forms. Admi [truncated]