Ninja Forms < 3.6.26 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2023-37979 info: name: Ninja Forms 3.6.26 - Cross-Site Scripting author: r3Y3r53 severity:...

WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. Make sure to have both WooCommerce and NinjaForms 3.4.34.2 NF's latest version on the 3.4 branch installed, then follow those instructions:...

CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil...

NinjaForms < 3.6.13 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

WordPress NinjaForms plugin <= 3.6.12 - Authenticated PHP Objection Injection vulnerability

Authenticated PHP Objection Injection vulnerability discovered by Alessio Santoru in WordPress NinjaForms plugin versions = 3.6.12. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.13...

CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC With the Form Builder "Dev Mode” setting enabled, create a form and a...

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. With the Form Builder "Dev Mode” setting enabled, create a form and a fiel...