Lucene search
K

74 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:30 p.m.11 views

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

7.2CVSS6.1AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:41 a.m.8 views

CVE-2024-11052

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6.1AI score0.00312EPSS
Exploits0References1
CVE
CVE
added 2024/12/12 5:24 a.m.90 views

CVE-2024-11052

CVE-2024-11052 affects Ninja Forms – The Contact Form Builder That Grows With You (WordPress). In all versions up to 3.8.19, the plugin is vulnerable to Stored Cross‑Site Scripting via the calculations parameter due to insufficient input sanitization and output escaping, enabling unauthenticated ...

7.2CVSS6.2AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/13 2:2 a.m.14 views

CVE-2024-10717 Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivatelicense function in all versions up to, and including, 3.3.4. This makes it possible for authenticated...

6.5CVSS0.00398EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.15 views

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

6.5CVSS6.5AI score0.00398EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.15 views

WordPress Ninja Forms Plugin <= 3.8.16 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.16 Fixed in 3.8.18 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50515 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e2d92f3518fa Credits Hwang Se-yeon Required privilege...

5.9CVSS6.5AI score0.0038EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/09/02 8:15 a.m.5 views

CVE-2024-7354

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00662EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/24 8:33 a.m.6 views

WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ninja Forms versions = 3.8.6...

8.8CVSS7AI score0.0019EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/06/03 11:49 a.m.33 views

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5...

4.3CVSS5.1AI score0.00172EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.20 views

WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.6.34 Fixed in 3.6.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a9b2d204bb4c Credits Jonathan Zamora Required...

4.8CVSS6AI score0.0062EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/11/06 9:15 p.m.3 views

CVE-2023-5530

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use ...

4.8CVSS5.8AI score0.0062EPSS
Exploits2References2
OSV
OSV
added 2023/08/30 3:15 p.m.4 views

CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...

4.8CVSS7.3AI score0.00379EPSS
Exploits2References1
OSV
OSV
added 2023/05/15 1:15 p.m.5 views

CVE-2023-1835

The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.8AI score0.00925EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/01/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth...

4.3CVSS5.8AI score0.00889EPSS
Exploits2References1
OSV
OSV
added 2021/11/29 9:15 a.m.5 views

CVE-2021-24889

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

7.2CVSS5.9AI score0.01275EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2021/10/12 12:0 a.m.16 views

WordPress Ninja Forms Plugin < 3.5.8 Multiple Vulnerabilities

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.5CVSS6.9AI score0.01122EPSS
Exploits4References2
OSV
OSV
added 2021/09/22 6:15 p.m.5 views

CVE-2021-34648

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

4.3CVSS5.8AI score0.00636EPSS
Exploits2References2
OSV
OSV
added 2021/09/22 6:15 p.m.5 views

CVE-2021-34647

The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...

6.5CVSS5.7AI score0.01122EPSS
Exploits2References2
Wordfence Blog
Wordfence Blog
added 2021/09/22 3:0 p.m.35 views

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an attacker to export sensitive information and...

4CVSS6.6AI score0.01122EPSS
Exploits4
VulnCheck KEV
VulnCheck KEV
added 2021/09/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-34648

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...

6.4CVSS5.8AI score0.00636EPSS
Exploits2References1
Rows per page
Query Builder