Vulnerabilities > Ninjaforms > Ninja Forms

DATE CVE VULNERABILITY TITLE RISK
2020-02-14 CVE-2020-8594 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
network
low complexity
ninjaforms CWE-79
5.4
5.4
2019-08-22 CVE-2018-20981 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
network
low complexity
ninjaforms CWE-20
critical
 9.1
9.1
2019-08-22 CVE-2018-20980 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
network
low complexity
ninjaforms CWE-20
7.5
7.5
2019-08-22 CVE-2017-18574 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
network
low complexity
ninjaforms CWE-20
6.1
6.1
2018-12-03 CVE-2018-19796 Open Redirect vulnerability in Ninjaforms Ninja Forms
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
network
low complexity
ninjaforms CWE-601
6.1
6.1
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
local
low complexity
ninjaforms CWE-1236
8.6
8.6
2018-02-21 CVE-2018-7280 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
network
low complexity
ninjaforms CWE-79
6.1
6.1
2016-05-14 CVE-2016-1209 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
network
low complexity
ninjaforms CWE-20
critical
 9.8
9.8