Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form &nda...
Ninjaforms Ninja Forms
4
CVSSv2
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already est...
Ninjaforms Ninja Forms
NA
CVE-2022-3142
The NEX-Forms WordPress plugin prior to 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, howeve...
Basixonline Nex-forms
2 Github repositories
NA
CVE-2023-1405
The Formidable Forms WordPress plugin prior to 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
Strategy11 Formidable Forms
5.8
CVSSv2
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
3.5
CVSSv2
CVE-2021-24744
The WordPress Contact Forms by Cimatti WordPress plugin prior to 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
Cimatti Contact Forms
NA
CVE-2022-3689
The HTML Forms WordPress plugin prior to 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Ibericode Html Forms
7.5
CVSSv2
CVE-2016-1209
The Ninja Forms plugin prior to 2.9.42.1 for WordPress allows remote malicious users to conduct PHP object injection attacks via crafted serialized values in a POST request.
Ninjaforms Ninja Forms
1 EDB exploit
2 Github repositories
NA
CVE-2023-45748
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.
Mailmunch Mailchimp Forms
NA
CVE-2023-27613
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.
Monitorclick Forms Ada
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »