Vulnerabilities > Ninjaforms > Ninja Forms > 2.9.45

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2018-20980 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
network
low complexity
ninjaforms CWE-20
7.5
7.5
2019-08-22 CVE-2017-18574 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
network
low complexity
ninjaforms CWE-20
6.1
6.1
2018-12-03 CVE-2018-19796 Open Redirect vulnerability in Ninjaforms Ninja Forms
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
network
low complexity
ninjaforms CWE-601
6.1
6.1
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
local
low complexity
ninjaforms CWE-1236
8.6
8.6
2018-02-21 CVE-2018-7280 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
network
low complexity
ninjaforms CWE-79
6.1
6.1