Vulnerabilities > Ninjaforms

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-07	CVE-2019-10869	Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). network high complexity ninjaforms CWE-434	8.1
2018-12-03	CVE-2018-19796	Open Redirect vulnerability in Ninjaforms Ninja Forms An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. network low complexity ninjaforms CWE-601	6.1
2018-09-01	CVE-2018-16308	Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. local low complexity ninjaforms CWE-1236	8.6
2018-02-21	CVE-2018-7280	Cross-site Scripting vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.2.14 for WordPress has XSS. network low complexity ninjaforms CWE-79	6.1
2016-05-14	CVE-2016-1209	Improper Input Validation vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. network low complexity ninjaforms CWE-20 critical	9.8

Vulnerabilities > Ninjaforms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ninjaforms"}]}