Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-47779
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: ...
Crmperks Integration For Constant Contact And Contact Form 7\\, Wpforms\\, Elementor\\, Ninja
5.3
CVSSv3
CVE-2023-35909
Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a up to and incl...
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2023-5530
The Ninja Forms Contact Form WordPress plugin prior to 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are alr...
Ninjaforms Ninja Forms
9.8
CVSSv3
CVE-2023-5601
The WooCommerce Ninja Forms Product Add-ons WordPress plugin prior to 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.
Atomicwebstrategy Woocommerce Ninja Forms Product Add-ons
1 Github repository
4.8
CVSSv3
CVE-2023-4109
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin prior to 3.6.26 was affected by a HTML Injection security vulnerability.
Ninjaforms Ninja Forms Contact Form
6.1
CVSSv3
CVE-2023-37979
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
Ninjaforms Ninja Forms
4 Github repositories
6.1
CVSSv3
CVE-2023-2333
The Ninja Forms Google Sheet Connector WordPress plugin prior to 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin up to and including 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be use...
Gsheetconnector Ninja Forms Google Sheet Connector
6.1
CVSSv3
CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin prior to 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ninjaforms Ninja Forms
7.2
CVSSv3
CVE-2022-2903
The Ninja Forms Contact Form WordPress plugin prior to 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-25066
The Ninja Forms Contact Form WordPress plugin prior to 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »