74 matches found
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
Cross site request forgery (csrf)
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2018-20981
CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
CVE-2018-19796
CVE-2018-19796 – Open Redirect in Ninja Forms (WordPress) . Affected software: WordPress Ninja Forms plugin versions before 3.3.19.1. Component: lib/StepProcessing/step-processing.php (submission/download page). Root cause: improper handling of the redirect parameter enables remote attackers to r...
Design/Logic Flaw
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php aka submissions page begindate, enddate, or formid parameter...
CVE-2018-19287
CVE-2018-19287 affects WordPress Ninja Forms plugin
CVE-2015-2220
Multiple cross-site scripting XSS vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow 1 remote attackers to inject arbitrary web script or HTML via the ninjaformsfield1 parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php or 2 remote administrators to injec...
Code injection
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...