Vulnerabilities > Ninjaforms > Ninja Forms > 3.6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-04 | CVE-2021-25056 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
| 2022-07-04 | CVE-2021-25066 | Unspecified vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
| 2022-06-16 | CVE-2021-36827 | Unspecified vulnerability in Ninjaforms Ninja Forms Auth. | 4.8 |