Vulnerabilities > Ninjateam > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-47331 SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.
network
low complexity
ninjateam CWE-89
critical
 9.8
9.8
2023-06-07 CVE-2020-36718 Deserialization of Untrusted Data vulnerability in Ninjateam Gpdr Ccpa Compliance Support
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value.
network
low complexity
ninjateam CWE-502
critical
 9.8
9.8
2021-07-12 CVE-2021-24385 Unspecified vulnerability in Ninjateam Filebird 4.7.3
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request.
network
low complexity
ninjateam
critical
 9.8
9.8
2021-07-07 CVE-2020-24142 Server-Side Request Forgery (SSRF) vulnerability in Ninjateam Video Downloader for Tiktok 1.3
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter.
network
low complexity
ninjateam CWE-918
critical
 9.8
9.8