74 matches found
EUVD-2021-21298
Malware in sbrugna...
EUVD-2021-21297
Malware in sbrugna...
EUVD-2018-13517
Malware in sbrugna...
EUVD-2024-33259
Malicious code in bioql PyPI...
EUVD-2023-33832
Malicious code in bioql PyPI...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection
The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
PT-2025-38301
Name of the Vulnerable Software and Affected Versions Ninja Forms WordPress plugin versions prior to 3.11.1 Description The Ninja Forms WordPress plugin is susceptible to PHP Object Injection due to the unserialization of user-supplied data through form fields. This allows unauthenticated users t...
CVE-2023-35909
Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...
CVE-2023-5530
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use ...
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wpajaxnfoauthconnect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place...
CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninjaformsrecaptchasitekey, ninjaformsrecaptchasecretkey, ninjaformsrecaptchalang, or ninjaformsdateformat...
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2025-2561
The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-2560
The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...