Ninja Forms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-06	CVE-2020-36175	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. network low complexity ninjaforms CWE-20	5.3
2021-01-06	CVE-2020-36174	Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. network low complexity ninjaforms CWE-352	6.5
2021-01-06	CVE-2020-36173	Improper Encoding or Escaping of Output vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. network low complexity ninjaforms CWE-116	5.3
2020-04-29	CVE-2020-12462	Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. network low complexity ninjaforms CWE-352	6.1
2020-02-14	CVE-2020-8594	Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22 The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. network low complexity ninjaforms CWE-79	5.4
2019-08-22	CVE-2018-20981	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. network low complexity ninjaforms CWE-20 critical	9.1
2019-08-22	CVE-2018-20980	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. network low complexity ninjaforms CWE-20	7.5
2019-08-22	CVE-2017-18574	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. network low complexity ninjaforms CWE-20	6.1
2018-12-03	CVE-2018-19796	Open Redirect vulnerability in Ninjaforms Ninja Forms An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. network low complexity ninjaforms CWE-601	6.1
2018-09-01	CVE-2018-16308	Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. local low complexity ninjaforms CWE-1236	8.6