Vulnerabilities > Ninjaforms > Ninja Forms > Low

DATE CVE VULNERABILITY TITLE RISK
2022-07-04 CVE-2021-25066 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
ninjaforms CWE-79
3.5
2022-07-04 CVE-2021-25056 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
ninjaforms CWE-79
3.5
2020-02-14 CVE-2020-8594 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
network
ninjaforms CWE-79
3.5