Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin prior to 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an malicious user to traverse the file system to access files and execute code via the includes/fields/upload.php (aka up...
Ninjaforms Ninja Forms File Uploads
1 Github repository
5.8
CVSSv2
CVE-2018-19796
An open redirect in the Ninja Forms plugin prior to 3.3.19.1 for WordPress allows Remote malicious users to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2018-19287
XSS in the Ninja Forms plugin prior to 3.3.18 for WordPress allows Remote malicious users to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
Ninjaforma Ninja Forms
1 EDB exploit
6.8
CVSSv2
CVE-2018-16308
The Ninja Forms plugin prior to 3.3.14.1 for WordPress allows CSV injection.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2018-7280
The Ninja Forms plugin prior to 3.2.14 for WordPress has XSS.
Ninjaforms Ninja Forms
7.5
CVSSv2
CVE-2016-1209
The Ninja Forms plugin prior to 2.9.42.1 for WordPress allows remote malicious users to conduct PHP object injection attacks via crafted serialized values in a POST request.
Ninjaforms Ninja Forms
1 EDB exploit
2 Github repositories
4.3
CVSSv2
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin prior to 2.8.9 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php ...
Ninjaforms Ninja Forms
7.5
CVSSv2
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin prior to 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
Ninjaforms Ninja Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5