Lucene search
+L

965 matches found

Packet Storm
Packet Storm
added 2016/07/19 12:0 a.m.31 views

WordPress Ninja Forms 2.9.51 Cross Site Scripting

------------------------------------------------------------------------ Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin ------------------------------------------------------------------------ Han Sahin, July 2016...

0.3AI score
Exploits0
Patchstack
Patchstack
added 2016/07/19 12:0 a.m.6 views

WordPress Ninja Forms Plugin <= 2.9.51 - Multiple Cross Site Scripting

Because of this vulnerability, attackers can inject malicious JavaScript code into the application. Solution Update this plugin...

3.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/07/19 12:0 a.m.8 views

Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting XSS security vulnerability...

1.5AI score
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2016/06/02 12:0 a.m.26 views

WordPress Ninja Forms Unauthenticated File Upload

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/05/27 12:0 a.m.64 views

WordPress Ninja Forms Unauthenticated File Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...

7.5CVSS0.3AI score0.61612EPSS
Exploits4
CNVD
CNVD
added 2016/05/17 12:0 a.m.40 views

WordPress Ninja Forms Plugin PHP Object Injection Hole

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . Ninja Forms is one of the form plug-ins . A security vulnerability exists in the WordPress Ninja Forms plugi...

9.8CVSS7AI score0.61612EPSS
Exploits4References1
NVD
NVD
added 2016/05/14 3:59 p.m.25 views

CVE-2016-1209

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...

9.8CVSS9.6AI score0.61612EPSS
Exploits4References8
OSV
OSV
added 2016/05/14 3:59 p.m.7 views

CVE-2016-1209

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...

9.8CVSS5.9AI score0.61612EPSS
Exploits4References8
Cvelist
Cvelist
added 2016/05/14 3:0 p.m.34 views

CVE-2016-1209

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...

9.7AI score0.61612EPSS
Exploits4References8
CVE
CVE
added 2016/05/14 3:0 p.m.74 views

CVE-2016-1209

CVE-2016-1209 affects WordPress Ninja Forms, with vulnerable versions 2.9.36 to 2.9.42 (and 2.9.42.1 as fix variants) allowing remote PHP object injection via crafted POST data, enabling unauthenticated code execution through file upload. Exploitation details are evidenced by Metasploit/Exploit-D...

9.8CVSS9.5AI score0.61612EPSS
Exploits4References8Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/13 5:27 a.m.42 views

WordPress plugin "Ninja Forms" vulnerable to PHP object injection

Overview WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according...

9.8CVSS7.4AI score0.61612EPSS
Exploits4References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/13 12:0 a.m.67 views

JVN#44657371: WordPress plugin "Ninja Forms" vulnerable to PHP object injection

WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact A remote attacker may execute an arbitrary PHP code. Solution Update the Software Update to a version that addresses the vulnerability according to the...

9.8CVSS9.6AI score0.61612EPSS
Exploits4
Metasploit
Metasploit
added 2016/05/04 12:0 a.m.23 views

WordPress Ninja Forms Unauthenticated File Upload

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server...

5.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/05/04 12:0 a.m.27 views

Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

7.5CVSS1.9AI score0.61612EPSS
Exploits4References2Affected Software1
Exploit DB
Exploit DB
added 2016/05/04 12:0 a.m.44 views

WordPress Plugin Ninja Forms 2.9.36 &lt; 2.9.42 - File Upload (Metasploit)

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...

9.8CVSS7.4AI score0.61612EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2016/02/01 12:0 a.m.15 views

WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)

Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS4.9AI score0.02041EPSS
Exploits1
Patchstack
Patchstack
added 2015/12/26 12:0 a.m.32 views

WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection

This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution Update the plugin...

9.8CVSS4.3AI score0.61612EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/09/30 12:0 a.m.14 views

Ninja Forms <= 2.9.27 - Malicious File Export

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Malicious File Export security vulnerability...

1.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/09/30 12:0 a.m.10 views

WordPress Ninja Forms Plugin <= 2.9.27 - Malicious File Export

There is an unknown vulnerability in this plugin. Solution Upgrade this plugin...

2.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/04 12:0 a.m.14 views

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...

Exploits0References2Affected Software1
Rows per page
Query Builder