Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ninja forms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-15025
The ninja-forms plugin prior to 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
Ninjaforms Ninjaforms
8.1
CVSSv3
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin prior to 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an malicious user to traverse the file system to access files and execute code via the includes/fields/upload.php (aka up...
Ninjaforms Ninja Forms File Uploads
1 Github repository
6.1
CVSSv3
CVE-2018-19796
An open redirect in the Ninja Forms plugin prior to 3.3.19.1 for WordPress allows Remote malicious users to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2018-19287
XSS in the Ninja Forms plugin prior to 3.3.18 for WordPress allows Remote malicious users to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
Ninjaforma Ninja Forms
1 EDB exploit
8.6
CVSSv3
CVE-2018-16308
The Ninja Forms plugin prior to 3.3.14.1 for WordPress allows CSV injection.
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2018-7280
The Ninja Forms plugin prior to 3.2.14 for WordPress has XSS.
Ninjaforms Ninja Forms
9.8
CVSSv3
CVE-2016-1209
The Ninja Forms plugin prior to 2.9.42.1 for WordPress allows remote malicious users to conduct PHP object injection attacks via crafted serialized values in a POST request.
Ninjaforms Ninja Forms
1 EDB exploit
2 Github repositories
NA
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin prior to 2.8.9 for WordPress allow (1) remote malicious users to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php ...
Ninjaforms Ninja Forms
NA
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin prior to 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5