965 matches found
WordPress Ninja Forms 2.9.51 Cross Site Scripting
------------------------------------------------------------------------ Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin ------------------------------------------------------------------------ Han Sahin, July 2016...
WordPress Ninja Forms Plugin <= 2.9.51 - Multiple Cross Site Scripting
Because of this vulnerability, attackers can inject malicious JavaScript code into the application. Solution Update this plugin...
Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting XSS security vulnerability...
WordPress Ninja Forms Unauthenticated File Upload
No description provided by source...
WordPress Ninja Forms Unauthenticated File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...
WordPress Ninja Forms Plugin PHP Object Injection Hole
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . Ninja Forms is one of the form plug-ins . A security vulnerability exists in the WordPress Ninja Forms plugi...
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...
CVE-2016-1209
CVE-2016-1209 affects WordPress Ninja Forms, with vulnerable versions 2.9.36 to 2.9.42 (and 2.9.42.1 as fix variants) allowing remote PHP object injection via crafted POST data, enabling unauthenticated code execution through file upload. Exploitation details are evidenced by Metasploit/Exploit-D...
WordPress plugin "Ninja Forms" vulnerable to PHP object injection
Overview WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according...
JVN#44657371: WordPress plugin "Ninja Forms" vulnerable to PHP object injection
WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according to the...
WordPress Ninja Forms Unauthenticated File Upload
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server...
Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...
WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)
Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...
WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection
This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution Update the plugin...
Ninja Forms <= 2.9.27 - Malicious File Export
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Malicious File Export security vulnerability...
WordPress Ninja Forms Plugin <= 2.9.27 - Malicious File Export
There is an unknown vulnerability in this plugin. Solution Upgrade this plugin...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...