Lucene search
+L

964 matches found

NVD
NVD
added 14 hours ago7 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago24 views

Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2024-7354 info: name: Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting...

6.1CVSS5.2AI score0.00662EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago48 views

WordPress Ninja Forms <3.4.34 - Open Redirect

WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wpajaxnfoauthconnect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive...

6.1CVSS6.2AI score0.01643EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago33 views

WordPress Ninja Forms <3.3.18 - Cross-Site Scripting

WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...

6.1CVSS6AI score0.08903EPSS
Exploits5References5
NVD
NVD
added 15 hours ago5 views

CVE-2026-15160

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS
Exploits0References4
NVD
NVD
added 15 hours ago6 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 15 hours ago4 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 15 hours ago10 views

CVE-2026-15161 Ninja Forms - Excel Export <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'filter' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS
Exploits0References2
CVE
CVE
added 15 hours ago9 views

CVE-2026-15161

The Ninja Forms - Excel Export plugin for WordPress (up to v3.3.6) is affected by a Stored XSS due to save_filter() storing raw $_POST['filter'] without capability check, nonce verification, or sanitization. The get_filter_row() code concatenates stored filter values into HTML attributes without ...

6.4CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 15 hours ago4 views

EUVD-2026-45136

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...

6.4CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 17 hours ago3 views

CVE-2026-15160

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score
Exploits0References5
CVE
CVE
added 17 hours ago10 views

CVE-2026-15159

Affected software: Ninja Forms - Excel Export plugin for WordPress. Vulnerability type: Insecure Direct Object Reference via the spreadsheet_export_form_id parameter. Root cause: missing validation on a user controlled key. Versions affected: all versions up to and including 3.3.6. Impact: authen...

4.3CVSS6AI score
Exploits0References2
CVE
CVE
added 17 hours ago8 views

CVE-2026-15160

Summary of CVE-2026-15160 : The Ninja Forms - Excel Export plugin for WordPress is vulnerable to a directory traversal flaw in all versions up to and including 3.3.6, exploitable via the spreadsheet_export_tmp_name parameter. This vulnerability allows an authenticated user with subscriber-level a...

4.3CVSS6.2AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 17 hours ago2 views

CVE-2026-15159

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 17 hours ago11 views

CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS
Exploits0References2
Cvelist
Cvelist
added 17 hours ago13 views

CVE-2026-15160 Ninja Forms - Excel Export <= 3.3.6 - Missing Authorization to Authenticated (Subscriber+) XLS Write via Path Traversal

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS
Exploits0References4
EUVD
EUVD
added 17 hours ago4 views

EUVD-2026-45127

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...

4.3CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 17 hours ago7 views

EUVD-2026-45128

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS6AI score
Exploits0References2
Nuclei
Nuclei
added yesterday45 views

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...

9.8CVSS7.2AI score0.54254EPSS
Exploits8References2
NVD
NVD
added 2026/07/03 6:16 a.m.10 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
Rows per page
Query Builder