Vulnerabilities > Ninjateam

DATE CVE VULNERABILITY TITLE RISK
2025-01-24 CVE-2025-24591 Missing Authorization vulnerability in Ninjateam Gdpr Ccpa Compliance & Cookie Consent Banner
Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels.
network
low complexity
ninjateam CWE-862
8.8
8.8
2024-12-19 CVE-2024-12331 Missing Authorization vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6.
network
low complexity
ninjateam CWE-862
4.3
4.3
2024-11-28 CVE-2024-8066 Unspecified vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6.
network
low complexity
ninjateam
8.8
8.8
2024-11-28 CVE-2024-9669 Path Traversal vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter.
network
low complexity
ninjateam CWE-22
7.2
7.2
2024-10-18 CVE-2024-10055 Cross-site Scripting vulnerability in Ninjateam Click to Chat
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
ninjateam CWE-79
5.4
5.4
2024-10-17 CVE-2024-49281 Cross-site Scripting vulnerability in Ninjateam Click to Chat
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3.
network
low complexity
ninjateam CWE-79
5.4
5.4
2024-10-11 CVE-2024-47331 SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.
network
low complexity
ninjateam CWE-89
critical
 9.8
9.8
2024-09-13 CVE-2024-6493 Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
ninjateam CWE-79
4.8
4.8
2024-09-13 CVE-2024-6617 Cross-site Scripting vulnerability in Ninjateam Header Footer Custom Code
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
ninjateam CWE-79
4.8
4.8
2024-08-03 CVE-2024-7031 Unspecified vulnerability in Ninjateam Filester
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2.
network
low complexity
ninjateam
8.8
8.8