Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-22	CVE-2021-34648	Missing Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. network low complexity ninjaforms CWE-862	4.3
2021-04-05	CVE-2021-24166	Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. network ninjaforms CWE-352	5.8
2021-04-05	CVE-2021-24165	Open Redirect vulnerability in Ninjaforms Ninja Forms In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. network ninjaforms CWE-601	5.8
2021-04-05	CVE-2021-24164	Missing Authorization vulnerability in Ninjaforms Ninja Forms In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. network low complexity ninjaforms CWE-862	4.0
2021-01-06	CVE-2020-36175	Incorrect Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. network low complexity ninjaforms CWE-863	5.0
2021-01-06	CVE-2020-36174	Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. network ninjaforms CWE-352	4.3
2021-01-06	CVE-2020-36173	Incorrect Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. network low complexity ninjaforms CWE-863	5.0
2020-04-29	CVE-2020-12462	Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. network ninjaforms CWE-352	4.3
2019-08-22	CVE-2018-20981	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. network low complexity ninjaforms CWE-20	6.4
2019-08-22	CVE-2018-20980	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. network low complexity ninjaforms CWE-20	5.0