Vulnerabilities > Ninjaforms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-03 | CVE-2018-19796 | Open Redirect vulnerability in Ninjaforms Ninja Forms An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | 5.8 |
| 2018-09-01 | CVE-2018-16308 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | 6.8 |
| 2018-02-21 | CVE-2018-7280 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | 4.3 |
| 2016-05-14 | CVE-2016-1209 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | 7.5 |
| 2015-03-05 | CVE-2015-2220 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | 4.3 |
| 2015-03-05 | CVE-2014-9688 | Remote Security vulnerability in Ninja Forms Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | 7.5 |