Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
516
VMScore
CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin prior to 3.4.34 had no nonce protection making it possible for malicious users to craft a request to disconnect a site's OAuth connection.
Ninjaforms Ninja Forms
445
VMScore
CVE-2020-36173
The Ninja Forms plugin prior to 3.4.28 for WordPress lacks escaping for submissions-table fields.
Ninjaforms Ninja Forms
383
VMScore
CVE-2020-36174
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows CSRF via services integration.
Ninjaforms Ninja Forms
445
VMScore
CVE-2020-36175
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows malicious users to bypass validation via the email field.
Ninjaforms Ninja Forms
383
VMScore
CVE-2020-12462
The ninja-forms plugin prior to 3.4.24.2 for WordPress allows CSRF with resultant XSS.
Ninjaforms Ninja Forms
312
VMScore
CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
Ninjaforms Ninja Forms 3.4.22
383
VMScore
CVE-2017-18574
The ninja-forms plugin prior to 3.0.31 for WordPress has insufficient HTML escaping in the builder.
Ninjaforms Ninja Forms
445
VMScore
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
570
VMScore
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »