Vulnerabilities > Ninjaforms

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-29	CVE-2020-12462	Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. network low complexity ninjaforms CWE-352	6.1
2020-02-14	CVE-2020-8594	Cross-site Scripting vulnerability in Ninjaforms Ninja Forms 3.4.22 The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. network low complexity ninjaforms CWE-79	5.4
2019-08-22	CVE-2018-20981	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. network low complexity ninjaforms CWE-20 critical	9.1
2019-08-22	CVE-2018-20980	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. network low complexity ninjaforms CWE-20	7.5
2019-08-22	CVE-2017-18574	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. network low complexity ninjaforms CWE-20	6.1
2019-08-14	CVE-2019-15025	SQL Injection vulnerability in Ninjaforms The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. network low complexity ninjaforms CWE-89 critical	9.8
2019-05-07	CVE-2019-10869	Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). network high complexity ninjaforms CWE-434	8.1
2018-12-03	CVE-2018-19796	Open Redirect vulnerability in Ninjaforms Ninja Forms An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. network low complexity ninjaforms CWE-601	6.1
2018-09-01	CVE-2018-16308	Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. local low complexity ninjaforms CWE-1236	8.6
2018-02-21	CVE-2018-7280	Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.2.14 for WordPress has XSS. network low complexity ninjaforms CWE-79	6.1

Vulnerabilities > Ninjaforms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ninjaforms"}]}

Vulnerabilities > Ninjaforms