CVE-2024-2113

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nfdownloadallsubs AJAX action. This makes it possib...

WordPress 插件 安全漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin Ninja Forms 3.5.7 and earlier versions, where an authenticated attacker can export all Ninja Forms submissions, which may contain personally identifiable information, via t...