Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ninjaforms Subscribe
Total 36 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36175 1 Ninjaforms 1 Ninja Forms 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
CVE-2021-24165 1 Ninjaforms 1 Ninja Forms 2021-04-09 5.8 MEDIUM 6.1 MEDIUM
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
CVE-2021-24166 1 Ninjaforms 1 Ninja Forms 2021-04-09 5.8 MEDIUM 5.4 MEDIUM
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.
CVE-2020-36174 1 Ninjaforms 1 Ninja Forms 2021-01-08 4.3 MEDIUM 6.5 MEDIUM
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
CVE-2018-16308 1 Ninjaforms 1 Ninja Forms 2020-08-24 6.8 MEDIUM 8.6 HIGH
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVE-2020-12462 1 Ninjaforms 1 Ninja Forms 2020-05-06 4.3 MEDIUM 6.1 MEDIUM
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
CVE-2018-19796 1 Ninjaforms 1 Ninja Forms 2020-03-03 5.8 MEDIUM 6.1 MEDIUM
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
CVE-2020-8594 1 Ninjaforms 1 Ninja Forms 2020-02-18 3.5 LOW 5.4 MEDIUM
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
CVE-2018-20981 1 Ninjaforms 1 Ninja Forms 2019-08-26 6.4 MEDIUM 9.1 CRITICAL
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
CVE-2018-20980 1 Ninjaforms 1 Ninja Forms 2019-08-26 5.0 MEDIUM 7.5 HIGH
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
CVE-2017-18574 1 Ninjaforms 1 Ninja Forms 2019-08-26 4.3 MEDIUM 6.1 MEDIUM
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVE-2019-15025 1 Ninjaforms 1 Ninjaforms 2019-08-20 7.5 HIGH 9.8 CRITICAL
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
CVE-2015-2220 1 Ninjaforms 1 Ninja Forms 2018-10-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.
CVE-2018-7280 1 Ninjaforms 1 Ninja Forms 2018-03-05 4.3 MEDIUM 6.1 MEDIUM
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVE-2016-1209 1 Ninjaforms 1 Ninja Forms 2016-06-23 7.5 HIGH 9.8 CRITICAL
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVE-2014-9688 1 Ninjaforms 1 Ninja Forms 2015-03-05 7.5 HIGH N/A
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.