Vulnerabilities > Ninjaforms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-08-22 | CVE-2018-20981 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | network | low complexity | ninjaforms | CWE-20 | critical 9.1 |
| 2019-08-22 | CVE-2018-20980 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | network | low complexity | ninjaforms | CWE-20 | 7.5 |
| 2019-08-22 | CVE-2017-18574 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | network | low complexity | ninjaforms | CWE-20 | 6.1 |
| 2019-08-14 | CVE-2019-15025 | SQL Injection vulnerability in Ninjaforms | The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | network | low complexity | ninjaforms | CWE-89 | critical 9.8 |
| 2019-05-07 | CVE-2019-10869 | Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads | Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). | network | high complexity | ninjaforms | CWE-434 | 8.1 |
| 2018-12-03 | CVE-2018-19796 | Open Redirect vulnerability in Ninjaforms Ninja Forms | An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | network | low complexity | ninjaforms | CWE-601 | 6.1 |
| 2018-09-01 | CVE-2018-16308 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | local | low complexity | ninjaforms | CWE-1236 | 8.6 |
| 2018-02-21 | CVE-2018-7280 | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | network | low complexity | ninjaforms | CWE-79 | 6.1 |
| 2016-05-14 | CVE-2016-1209 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms | The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | network | low complexity | ninjaforms | CWE-20 | critical 9.8 |