Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninjaforms ninja forms vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2018-19796
An open redirect in the Ninja Forms plugin prior to 3.3.19.1 for WordPress allows Remote malicious users to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
Ninjaforms Ninja Forms
578
VMScore
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form &nda...
Ninjaforms Ninja Forms
356
VMScore
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already est...
Ninjaforms Ninja Forms
516
VMScore
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
516
VMScore
CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin prior to 3.4.34 had no nonce protection making it possible for malicious users to craft a request to disconnect a site's OAuth connection.
Ninjaforms Ninja Forms
578
VMScore
CVE-2021-24889
The Ninja Forms Contact Form WordPress plugin prior to 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks
Ninjaforms Ninja Forms
312
VMScore
CVE-2021-36827
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".
Ninjaforms Ninja Forms
NA
CVE-2023-5530
The Ninja Forms Contact Form WordPress plugin prior to 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are alr...
Ninjaforms Ninja Forms
383
VMScore
CVE-2017-18574
The ninja-forms plugin prior to 3.0.31 for WordPress has insufficient HTML escaping in the builder.
Ninjaforms Ninja Forms
668
VMScore
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin prior to 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
Ninjaforms Ninja Forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »