Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninjaforms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-37979
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Ninjaforms Ninja Forms
4 Github repositories
6.1
CVSSv3
CVE-2020-12462
The ninja-forms plugin prior to 3.4.24.2 for WordPress allows CSRF with resultant XSS.
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-24381
The Ninja Forms Contact Form WordPress plugin prior to 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ninjaforms Contact Form
NA
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin prior to 2.8.9 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php ...
Ninjaforms Ninja Forms
7.5
CVSSv3
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
9.1
CVSSv3
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
8.8
CVSSv3
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form &nda...
Ninjaforms Ninja Forms
4.3
CVSSv3
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already est...
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-25066
The Ninja Forms Contact Form WordPress plugin prior to 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ninjaforms Ninja Forms
5.3
CVSSv3
CVE-2020-36173
The Ninja Forms plugin prior to 3.4.28 for WordPress lacks escaping for submissions-table fields.
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »