Filtered by vendor Ninjaforms
Subscribe
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24889 | 1 Ninjaforms | 1 Ninja Forms | 2021-11-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks | |||||
| CVE-2021-24381 | 1 Ninjaforms | 1 Contact Form | 2021-10-28 | 3.5 LOW | 4.8 MEDIUM |
| The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2020-36173 | 1 Ninjaforms | 1 Ninja Forms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | |||||
| CVE-2020-36175 | 1 Ninjaforms | 1 Ninja Forms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | |||||
| CVE-2021-24166 | 1 Ninjaforms | 1 Ninja Forms | 2021-04-09 | 5.8 MEDIUM | 5.4 MEDIUM |
| The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. | |||||
| CVE-2021-24165 | 1 Ninjaforms | 1 Ninja Forms | 2021-04-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. | |||||
| CVE-2020-36174 | 1 Ninjaforms | 1 Ninja Forms | 2021-01-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | |||||
| CVE-2018-16308 | 1 Ninjaforms | 1 Ninja Forms | 2020-08-24 | 6.8 MEDIUM | 8.6 HIGH |
| The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | |||||
| CVE-2020-12462 | 1 Ninjaforms | 1 Ninja Forms | 2020-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | |||||
| CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2020-03-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | |||||
| CVE-2020-8594 | 1 Ninjaforms | 1 Ninja Forms | 2020-02-18 | 3.5 LOW | 5.4 MEDIUM |
| The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | |||||
| CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2019-08-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | |||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2019-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||
| CVE-2017-18574 | 1 Ninjaforms | 1 Ninja Forms | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | |||||
| CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2019-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | |||||
| CVE-2015-2220 | 1 Ninjaforms | 1 Ninja Forms | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | |||||
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | |||||
| CVE-2016-1209 | 1 Ninjaforms | 1 Ninja Forms | 2016-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | |||||
| CVE-2014-9688 | 1 Ninjaforms | 1 Ninja Forms | 2015-03-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | |||||