Vulnerabilities > Ninjaforms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-01-06 | CVE-2020-36175 | Incorrect Authorization vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | network, low complexity, ninjaforms CWE-863, 5.0 |
| 2021-01-06 | CVE-2020-36174 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | 4.3 |
| 2021-01-06 | CVE-2020-36173 | Incorrect Authorization vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | network, low complexity, ninjaforms CWE-863, 5.0 |
| 2020-04-29 | CVE-2020-12462 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | 4.3 |
| 2020-02-14 | CVE-2020-8594 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22 | The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | network, ninjaforms CWE-79, 3.5 |
| 2019-08-22 | CVE-2018-20981 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | network, low complexity, ninjaforms CWE-20, 6.4 |
| 2019-08-22 | CVE-2018-20980 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | network, low complexity, ninjaforms CWE-20, 5.0 |
| 2019-08-22 | CVE-2017-18574 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | network, ninjaforms CWE-20, 4.3 |
| 2019-08-14 | CVE-2019-15025 | SQL Injection vulnerability in Ninjaforms | The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | network, low complexity, ninjaforms CWE-89, 7.5 |
| 2019-05-07 | CVE-2019-10869 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads | Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). | 6.8 |