Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninjaforms ninja forms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-7280
The Ninja Forms plugin prior to 3.2.14 for WordPress has XSS.
Ninjaforms Ninja Forms
4.3
CVSSv3
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already est...
Ninjaforms Ninja Forms
5.4
CVSSv3
CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin prior to 3.4.34 had no nonce protection making it possible for malicious users to craft a request to disconnect a site's OAuth connection.
Ninjaforms Ninja Forms
6.5
CVSSv3
CVE-2020-36174
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows CSRF via services integration.
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-36827
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2023-37979
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Ninjaforms Ninja Forms
4 Github repositories
NA
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin prior to 2.8.9 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php ...
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin prior to 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ninjaforms Ninja Forms
7.5
CVSSv3
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
9.1
CVSSv3
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »