Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36175 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | |||||
| CVE-2020-36174 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | |||||
| CVE-2020-36173 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | |||||
| CVE-2020-12462 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | |||||
| CVE-2020-8594 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | |||||
| CVE-2017-18574 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | |||||
| CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | |||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||
| CVE-2018-16308 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 6.8 MEDIUM | 8.6 HIGH |
| The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | |||||
| CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | |||||
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | |||||
| CVE-2016-1209 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | |||||
| CVE-2014-9688 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | |||||
| CVE-2015-2220 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | |||||