WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2024-40648

Malicious code in bioql PyPI...

EUVD-2023-42203

Malicious code in bioql PyPI...

EUVD-2024-45086

Malicious code in bioql PyPI...

PT-2025-27072 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.10.2.1 Description: The issue is related to Stored Cross-Site Scripting via the use of a templating engine due to insufficient...

CVE-2024-7354

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-29220

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth connecti...

CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-11052

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Hwang Se-yeon in WordPress Plugin Ninja Forms versions = 3.8.16...

Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection

The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...

WordPress 插件 安全漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin Ninja Forms 3.5.7 and earlier versions, where an authenticated attacker can export all Ninja Forms submissions, which may contain personally identifiable information, via t...