Vulnerabilities > Ninjaforms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-26 | CVE-2024-39628 | Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms: Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6. | 8.8 |
2024-06-19 | CVE-2023-38393 | Missing Authorization vulnerability in Ninjaforms Ninja Forms: Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25. | 8.8 |
2022-09-26 | CVE-2022-2903 | Deserialization of Untrusted Data vulnerability in Ninjaforms Ninja Forms: The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2021-04-05 | CVE-2021-24163 | Missing Authorization vulnerability in Ninjaforms Ninja Forms: The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. | 8.8 |
2019-08-14 | CVE-2019-15025 | SQL Injection vulnerability in Ninjaforms: The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | 7.5 |
2016-05-14 | CVE-2016-1209 | Improper Input Validation vulnerability in Ninjaforms Ninja Forms: The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | 7.5 |
2015-03-05 | CVE-2014-9688 | Remote Security vulnerability in Ninja Forms: Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | 7.5 |