Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninjaforms ninja forms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-36173
The Ninja Forms plugin prior to 3.4.28 for WordPress lacks escaping for submissions-table fields.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2020-36174
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows CSRF via services integration.
Ninjaforms Ninja Forms
5
CVSSv2
CVE-2020-36175
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows malicious users to bypass validation via the email field.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2020-12462
The ninja-forms plugin prior to 3.4.24.2 for WordPress allows CSRF with resultant XSS.
Ninjaforms Ninja Forms
3.5
CVSSv2
CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
Ninjaforms Ninja Forms 3.4.22
5
CVSSv2
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
6.4
CVSSv2
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2017-18574
The ninja-forms plugin prior to 3.0.31 for WordPress has insufficient HTML escaping in the builder.
Ninjaforms Ninja Forms
7.5
CVSSv2
CVE-2019-15025
The ninja-forms plugin prior to 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
Ninjaforms Ninjaforms
6.8
CVSSv2
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin prior to 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an malicious user to traverse the file system to access files and execute code via the includes/fields/upload.php (aka up...
Ninjaforms Ninja Forms File Uploads
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »