8 matches found
CVE-2025-11924
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
VulnCheck KEV: CVE-2025-11924
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
EUVD-2020-23751
Malware in sbrugna...
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
Code injection
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
Ninja Forms < 3.4.28 - Stored Cross-Site Scripting
The plugin did not escape HTML content of fields in the submissions table, which could lead to Cross-Site Scripting issues...