EUVD-2024-16476

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Ninja Forms plugin for WordPress has SQL Injection vulnerability via user email in all versions up to 3.7.1

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-0685	2 Feb 202406:31	–	circl
CNNVD	WordPress plugin Ninja Forms Contact Form security vulnerability	2 Feb 202400:00	–	cnnvd
CVE	CVE-2024-0685	2 Feb 202404:32	–	cve
Cvelist	CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection	2 Feb 202404:32	–	cvelist
NVD	CVE-2024-0685	2 Feb 202405:15	–	nvd
OSV	CVE-2024-0685	2 Feb 202405:15	–	osv
Patchstack	WordPress Ninja Forms Plugin <= 3.7.1 is vulnerable to SQL Injection	1 Feb 202400:00	–	patchstack
Prion	Sql injection	2 Feb 202405:15	–	prion
Positive Technologies	PT-2024-15748 · WordPress · The Ninja Forms Contact Form – The Drag/Drop Form Builder For Wordpress	1 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0685	23 May 202507:26	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "23caceb8-a811-39d0-be0e-44c8246e026e",
        "vendor": {
          "name": "kstover"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2c266b08-66e6-3894-a8c3-e4edda756e59",
        "product": {
          "name": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress"
        },
        "product_version": "* ≤3.7.1"
      },
      {
        "id": "b739f870-e898-37da-8af3-3402212f658e",
        "product": {
          "name": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress"
        }
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4
plugins	www.plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php
sec	www.sec.stealthcopter.com/ninja-contact-forms/

03 Oct 2025 20:07Current

9.2High risk

Vulners AI Score9.2

CVSS 3.15.9 - 9.8

EPSS0.01008

SSVC