Vulnerabilities > Ninjaforms > Ninja Forms > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-39628 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.
network
low complexity
ninjaforms CWE-352
8.8
2024-06-19 CVE-2023-38393 Missing Authorization vulnerability in Ninjaforms Ninja Forms
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
network
low complexity
ninjaforms CWE-862
8.8
2022-09-26 CVE-2022-2903 Deserialization of Untrusted Data vulnerability in Ninjaforms Ninja Forms
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
network
low complexity
ninjaforms CWE-502
7.2
2021-04-05 CVE-2021-24163 Missing Authorization vulnerability in Ninjaforms Ninja Forms
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.
network
low complexity
ninjaforms CWE-862
8.8
2016-05-14 CVE-2016-1209 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
network
low complexity
ninjaforms CWE-20
7.5
2015-03-05 CVE-2014-9688 Remote Security vulnerability in Ninja Forms
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
network
low complexity
ninjaforms
7.5