Vulnerabilities > Ninjaforms > Ninja Forms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-26 | CVE-2024-39628 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms: Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6. | 8.8 |
2024-06-19 | CVE-2023-38393 | Unspecified vulnerability in Ninjaforms Ninja Forms: Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25. | 8.8 |
2022-09-26 | CVE-2022-2903 | Unspecified vulnerability in Ninjaforms Ninja Forms: The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2021-11-29 | CVE-2021-24889 | Unspecified vulnerability in Ninjaforms Ninja Forms: The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks. | 7.2 |
2021-04-05 | CVE-2021-24163 | Missing Authorization vulnerability in Ninjaforms Ninja Forms: The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. | 8.8 |
2019-08-22 | CVE-2018-20980 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms: The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | 7.5 |
2018-09-01 | CVE-2018-16308 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms: The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | 8.6 |