Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)

Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...

WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection

This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution Update the plugin...

WordPress Ninja Forms Plugin <= 2.9.27 - Malicious File Export

There is an unknown vulnerability in this plugin. Solution Upgrade this plugin...

Ninja Forms <= 2.9.27 - Malicious File Export

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Malicious File Export security vulnerability...

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin.php?page=nf-processing&title=alert123;...

WordPress Ninja Forms 2.9.21 Cross Site Scripting Vulnerability

WordPress Ninja Forms plugin version 2.9.21 suffers from a cross site scripting vulnerability. Title: WordPress 'Ninja Forms' Plugin - XSS Version: 2.9.21 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/07/14 Download: https://wordpress.org/plugins/ninja-forms/ Contacted authors:...

WordPress Ninja Forms Plugin <= 2.9.21 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

WordPress Ninja Forms 2.9.21 Cross Site Scripting

Title: WordPress 'Ninja Forms' Plugin - XSS Version: 2.9.21 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/07/14 Download: https://wordpress.org/plugins/ninja-forms/ Contacted authors: 2015/07/14 ========================================================== Description:...

WordPress Ninja Forms Plugin <= 2.9.18 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

Ninja Forms <= 2.9.10 - Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

WordPress Plugin Ninja Forms Cross-Site Scripting Vulnerability

WordPress is a use of PHP language development blog platform, users can support PHP and MySQL database server set up their own weblog. WordPress Ninja Forms suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to construct malicious URIs, trick users into...

CVE-2015-2220

Multiple cross-site scripting XSS vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow 1 remote attackers to inject arbitrary web script or HTML via the ninjaformsfield1 parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php or 2 remote administrators to injec...

Code injection

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow 1 remote attackers to inject arbitrary web script or HTML via the ninjaformsfield1 parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php or 2 remote administrators to injec...

CVE-2014-9688

CVE-2014-9688 concerns the Ninja Forms WordPress plugin, specifically versions before 2.8.10. The connected sources describe an unspecified vulnerability with unknown impact and remote attack vectors related to admin users. The NVD metrics indicate partial confidentiality, integrity, and availabi...

CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...