Filtered by vendor Ninjaforms
Total: 40 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39628 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-18 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.8.6. | ||||
CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-17 | N/A |
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | ||||
CVE-2021-34648 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-16 | 6.4 Medium |
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims. | ||||
CVE-2021-34647 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-16 | 6.5 Medium |
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. | ||||
CVE-2021-36827 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-16 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | ||||
CVE-2014-9688 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-16 | N/A |
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | ||||
CVE-2024-7354 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-03 | 6.1 Medium |
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2024-37934 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-29 | 5.4 Medium |
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4. | ||||
CVE-2015-2220 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | ||||
CVE-2016-1209 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-05 | N/A |
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | ||||
CVE-2017-18574 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-05 | N/A |
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | ||||
CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-05 | N/A |
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | ||||
CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-05 | N/A |
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | ||||
CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-05 | N/A |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows remote attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | ||||
CVE-2018-16308 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-05 | N/A |
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | ||||
CVE-2019-15025 | 1 Ninjaforms | 1 Ninjaforms | 2024-08-05 | N/A |
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | ||||
CVE-2019-10869 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2024-08-04 | 8.1 High |
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. | ||||
CVE-2020-36173 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-04 | 5.3 Medium |
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | ||||
CVE-2020-36174 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-04 | 6.5 Medium |
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | ||||
CVE-2020-36175 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-04 | 5.3 Medium |
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. |