72 matches found
CVE-2026-32527
CVE-2026-32527 : Missing Authorization in WordPress plugin set WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms. Affected: WP Insightly from versions up to and including 1.1.5. Root cause: incorrect access control enabling unauthorized access across the listed form ...
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.5...
CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...
CVE-2026-2268
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...
WordPress Ninja Forms plugin <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action vulnerability
Unauthenticated Information Disclosure in nfajaxsubmit AJAX Action vulnerability discovered by johska in WordPress Plugin Ninja Forms versions = 3.14.0...
CVE-2022-0888
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...
CVE-2024-2108
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes ...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
EUVD-2026-0708
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
CVE-2025-11924
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
EUVD-2025-203882
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
EUVD-2021-21298
Malware in sbrugna...
EUVD-2015-2327
Malware in sbrugna...
EUVD-2014-9496
Malware in sbrugna...
EUVD-2019-6112
Malware in sbrugna...
EUVD-2021-11078
Malware in sbrugna...
EUVD-2020-23753
Malware in sbrugna...
EUVD-2021-21297
Malware in sbrugna...