Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated malicious users to send arbitrary emails from the ...
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2023-5530
The Ninja Forms Contact Form WordPress plugin prior to 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are alr...
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin prior to 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
5.4
CVSSv3
CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin prior to 3.4.34 had no nonce protection making it possible for malicious users to craft a request to disconnect a site's OAuth connection.
Ninjaforms Ninja Forms
7.5
CVSSv3
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2018-19287
XSS in the Ninja Forms plugin prior to 3.3.18 for WordPress allows Remote malicious users to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
Ninjaforma Ninja Forms
1 EDB exploit
6.1
CVSSv3
CVE-2023-37979
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Ninjaforms Ninja Forms
4 Github repositories
4.8
CVSSv3
CVE-2021-25056
The Ninja Forms Contact Form WordPress plugin prior to 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-25066
The Ninja Forms Contact Form WordPress plugin prior to 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »