Cross-Site Scripting Vulnerability in Popup Addon for Ninja Forms by Aman
CVE-2025-64264

Currently unrated

Key Information:

Vendor

WordPress
Status
Popup Addon For Ninja Forms
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64264?

The Popup addon for Ninja Forms, produced by Aman, has a vulnerability that allows for improper sanitization of user inputs during web page generation. This results in a stored Cross-Site Scripting (XSS) flaw, which could potentially allow attackers to inject malicious scripts that execute when users interact with the compromised web pages. Affected versions of this addon include those up to and including 3.5.1, exposing users to security risks if not addressed.

Affected Version(s)

Popup addon for Ninja Forms <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/popu...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kim YunJi | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64264 : Cross-Site Scripting Vulnerability in Popup Addon for Ninja Forms by Aman