Vulnerabilities > Ninjaforms > Ninja Forms > 3.3.6

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-36174 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
network
low complexity
ninjaforms CWE-352
6.5
2021-01-06 CVE-2020-36173 Improper Encoding or Escaping of Output vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
network
low complexity
ninjaforms CWE-116
5.3
2020-04-29 CVE-2020-12462 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
network
low complexity
ninjaforms CWE-352
6.1
2019-08-22 CVE-2018-20981 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
network
low complexity
ninjaforms CWE-20
critical
9.1
2018-12-03 CVE-2018-19796 Open Redirect vulnerability in Ninjaforms Ninja Forms
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
network
low complexity
ninjaforms CWE-601
6.1
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
local
low complexity
ninjaforms CWE-1236
8.6