Vulnerabilities > Ninjaforms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-06 | CVE-2020-36175 | Incorrect Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | 5.0 |
2021-01-06 | CVE-2020-36174 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | 4.3 |
2021-01-06 | CVE-2020-36173 | Incorrect Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | 5.0 |
2020-04-29 | CVE-2020-12462 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | 4.3 |
2020-02-14 | CVE-2020-8594 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22 The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | 3.5 |
2019-08-22 | CVE-2018-20981 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | 6.4 |
2019-08-22 | CVE-2018-20980 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | 5.0 |
2019-08-22 | CVE-2017-18574 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | 4.3 |
2019-08-14 | CVE-2019-15025 | SQL Injection vulnerability in Ninjaforms The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | 7.5 |
2019-05-07 | CVE-2019-10869 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). | 6.8 |