Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ninja Forms Security Vulnerabilities

cve
cve

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services...

6.5CVSS

6.9AI Score

0.001EPSS

2021-01-06 03:15 PM
19
cve
cve

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table...

5.3CVSS

7AI Score

0.001EPSS

2021-01-06 03:15 PM
21
cve
cve

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email...

5.3CVSS

6.9AI Score

0.001EPSS

2021-01-06 03:15 PM
23
cve
cve

CVE-2020-12462

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant...

6.1CVSS

6.9AI Score

0.001EPSS

2020-04-29 05:15 PM
48
cve
cve

CVE-2020-8594

The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or...

5.4CVSS

6.1AI Score

0.001EPSS

2020-02-14 08:15 PM
124
cve
cve

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the...

6.1CVSS

6.9AI Score

0.001EPSS

2019-08-22 01:15 PM
26
cve
cve

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter...

7.5CVSS

7AI Score

0.001EPSS

2019-08-22 01:15 PM
23
cve
cve

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data...

9.1CVSS

7AI Score

0.002EPSS

2019-08-22 01:15 PM
26
cve
cve

CVE-2018-19796

An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect...

6.1CVSS

6.2AI Score

0.003EPSS

2018-12-03 06:29 AM
22
cve
cve

CVE-2018-19287

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id...

6.1CVSS

6.1AI Score

0.362EPSS

2018-11-15 06:29 AM
48
cve
cve

CVE-2018-16308

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV...

8.6CVSS

7.5AI Score

0.003EPSS

2018-09-01 06:29 PM
25
cve
cve

CVE-2018-7280

The Ninja Forms plugin before 3.2.14 for WordPress has...

6.1CVSS

6.3AI Score

0.001EPSS

2018-02-21 04:29 PM
18
cve
cve

CVE-2016-1209

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST...

9.8CVSS

9.5AI Score

0.929EPSS

2016-05-14 03:59 PM
28
cve
cve

CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin...

6.9AI Score

0.002EPSS

2015-03-05 04:59 PM
17
cve
cve

CVE-2015-2220

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote...

5.9AI Score

0.002EPSS

2015-03-05 04:59 PM
27