911 matches found
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Hardcoded credentials
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
Design/Logic Flaw
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Code injection
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2017-18574
The CVE refers to the Ninja Forms WordPress plugin (before version 3.0.31) with insufficient HTML escaping in the builder, leading to an XSS vulnerability. Affected: Ninja Forms plugin for WordPress; root cause: inadequate escaping in the builder component. Impact: cross-site scripting potential;...
CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
CVE-2018-20981
CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2018-20980
CVE-2018-20980 affects the Ninja Forms plugin for WordPress prior to version 3.2.15, with a parameter tampering vulnerability. The NVD metrics indicate a CVSS-3 base score of 7.5 (HIGH), driven by network attack vector, low complexity, no privileges required, but impact on integrity is HIGH while...
WordPress ninja-forms plugin SQL injection vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used in it. A SQL injection vulnerability exists in the WordPress ninja-forms plugin...
WordPress Ninja Forms Plugin < 3.3.21.2 SQLi Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
Sql injection
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
CVE-2019-15025
The connected documents identify CVE-2019-15025 as a SQL injection vulnerability in the WordPress Ninja Forms plugin. Affected software: Ninja Forms plugin for WordPress (before version 3.3.21.2). The vulnerability exists in the search filter on the submissions page, due to an injection flaw in t...