Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already est...
Ninjaforms Ninja Forms
5.8
CVSSv2
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
5
CVSSv2
CVE-2020-36173
The Ninja Forms plugin prior to 3.4.28 for WordPress lacks escaping for submissions-table fields.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2020-36174
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows CSRF via services integration.
Ninjaforms Ninja Forms
5
CVSSv2
CVE-2020-36175
The Ninja Forms plugin prior to 3.4.27.1 for WordPress allows malicious users to bypass validation via the email field.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2020-12462
The ninja-forms plugin prior to 3.4.24.2 for WordPress allows CSRF with resultant XSS.
Ninjaforms Ninja Forms
3.5
CVSSv2
CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
Ninjaforms Ninja Forms 3.4.22
5
CVSSv2
CVE-2018-20980
The ninja-forms plugin prior to 3.2.15 for WordPress has parameter tampering.
Ninjaforms Ninja Forms
6.4
CVSSv2
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
4.3
CVSSv2
CVE-2017-18574
The ninja-forms plugin prior to 3.0.31 for WordPress has insufficient HTML escaping in the builder.
Ninjaforms Ninja Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »