Vulnerabilities > Ninjaforms > Ninja Forms > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-08-22 | CVE-2017-18574 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | network, ninjaforms, CWE-20 | 4.3 |
| 2018-12-03 | CVE-2018-19796 | Open Redirect vulnerability in Ninjaforms Ninja Forms | An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows remote attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | | 5.8 |
| 2018-09-01 | CVE-2018-16308 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | | 6.8 |
| 2018-02-21 | CVE-2018-7280 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | network, ninjaforms, CWE-79 | 4.3 |
| 2015-03-05 | CVE-2015-2220 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms | Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | network, ninjaforms, CWE-79 | 4.3 |