469 matches found
Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise its input fields, leading to Stored Cross-Site Scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field. Step 1: Install and activate the plugin. Step 2: Go to Forms -> Add New. St...
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
Cross-Site Request Forgery (CSRF)
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
VulnCheck KEV: CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
CVE-2020-13764
The CVE-2020-13764 entry documents an information-disclosure vulnerability in the WordPress Gravity Forms plugin prior to version 2.4.9. The issue arises because common.php exposes hashed passwords by not treating user_pass as a special case for $current_user->get($property), allowing potentia...
Adobe Acrobat Reader DC XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acroba...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2018-20981
CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acrobat...
CVE-2018-19796
CVE-2018-19796 – Open Redirect in Ninja Forms (WordPress). Affected software: WordPress Ninja Forms plugin versions before 3.3.19.1. Component: lib/StepProcessing/step-processing.php (submission/download page). Root cause: improper handling of the redirect parameter enables remote attackers to r...
Design/Logic Flaw
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows remote attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begindate, enddate, or formid parameter...
CVE-2018-19287
CVE-2018-19287 affects WordPress Ninja Forms plugin
CVE-2018-7747
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form...
CVE-2017-1000033
WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...