Vulnerabilities > Ninjaforms > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-12462 Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. 		4.3
4.3
2019-08-22 CVE-2018-20981 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
network
low complexity
ninjaforms CWE-20
6.4
6.4
2019-08-22 CVE-2018-20980 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
network
low complexity
ninjaforms CWE-20
5.0
5.0
2019-08-22 CVE-2017-18574 Improper Input Validation vulnerability in Ninjaforms Ninja Forms
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
network
ninjaforms CWE-20
4.3
4.3
2019-05-07 CVE-2019-10869 Unrestricted Upload of File with Dangerous Type vulnerability in Ninjaforms Ninja Forms File Uploads
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). 		6.8
6.8
2018-12-03 CVE-2018-19796 Open Redirect vulnerability in Ninjaforms Ninja Forms
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. 		5.8
5.8
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. 		6.8
6.8
2018-02-21 CVE-2018-7280 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
network
ninjaforms CWE-79
4.3
4.3
2015-03-05 CVE-2015-2220 Cross-site Scripting vulnerability in Ninjaforms Ninja Forms
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.
network
ninjaforms CWE-79
4.3
4.3