Vulnerabilities > Ninjaforms > Ninja Forms > 3.4.4

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-36174 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
network
low complexity
ninjaforms CWE-352
6.5
6.5
2021-01-06 CVE-2020-36173 Improper Encoding or Escaping of Output vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
network
low complexity
ninjaforms CWE-116
5.3
5.3
2020-04-29 CVE-2020-12462 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
network
low complexity
ninjaforms CWE-352
6.1
6.1