Vulnerabilities > Ninjaforms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-30 | CVE-2023-4109 | Unspecified vulnerability in Ninjaforms Ninja Forms Contact Form The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability. | 4.8 |
2023-07-27 | CVE-2023-37979 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms Unauth. | 6.1 |
2023-05-15 | CVE-2023-1835 | Unspecified vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2022-09-26 | CVE-2022-2903 | Deserialization of Untrusted Data vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2022-07-04 | CVE-2021-25056 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-04 | CVE-2021-25066 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-06-16 | CVE-2021-36827 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms Auth. | 4.8 |
2022-03-23 | CVE-2022-0888 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0 | 9.8 |
2022-03-23 | CVE-2022-0889 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms File Uploads The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12. | 6.1 |
2021-11-29 | CVE-2021-24889 | SQL Injection vulnerability in Ninjaforms Ninja Forms The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks | 7.2 |