19 matches found
📄 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload / Traversal
WordPress Ninja Forms - File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit. !/usr/bin/env python3 """ Ninja Forms Upload - CVE-2026-0740 Author : Xenon1337 """ from future import annotations import pathlib import random import sys import re from datetime import datetime...
WordPress Ninja Forms plugin <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token vulnerability
Authenticated Contributor+ Sensitive Information Disclosure via Block Editor Token vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Ninja Forms versions = 3.14.1...
WordPress Ninja Forms plugin <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability discovered by WordFence in WordPress Plugin Ninja Forms versions = 3.13.2...
EUVD-2025-29844
Malicious code in bioql PyPI...
WordPress Ninja Forms plugin <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations vulnerability
Unauthenticated Stored Cross-Site Scripting via Form Calculations vulnerability discovered by mikemyers in WordPress Plugin Ninja Forms versions = 3.8.19...
WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Hwang Se-yeon Patchstack Alliance in WordPress Plugin Ninja Forms versions = 3.8.16...
WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Hwang Se-yeon in WordPress Plugin Ninja Forms versions = 3.8.16...
WordPress Ninja Forms Plugin <= 3.8.11 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions = 3.8.11 Fixed in 3.8.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43999 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f7b73633135b Credits Joel Indra Required privilege...
WordPress Ninja Forms Plugin <= 3.8.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ninja Forms Type Plugin Vulnerable versions = 3.8.6 Fixed in 3.8.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-39628 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d4c57bafbe6c Credits Rafie Muhammad Patchsta...
WordPress Ninja Forms Plugin <= 3.8.4 is vulnerable to Broken Access Control
Software Ninja Forms Type Plugin Vulnerable versions = 3.8.4 Fixed in 3.8.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37934 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5bd0529a71e3 Credits Rafie Muhammad Patchstack Require...
WordPress plugin Ninja Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions 3.6.34 Fixed in 3.6.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a9b2d204bb4c Credits Jonathan Zamora Required...
WordPress Ninja Forms Contact Form Plugin < 3.6.26 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ninjaforms:contactform"; ifdescription...
WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion
Software Ninja Forms Type Plugin Vulnerable versions = 3.6.24 Fixed in 3.6.25 OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Deletion CVE CVE-2023-36505 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID 711180726eeb Credits Theodoros Malachias...
WordPress plugin Ninja Forms Contact Form 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Ninja Forms Contact Form 信息泄露漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the Ninja Forms Contact Form WordPress plugin befo...
Wordpress Ninja Forms 3.3.17 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2...
WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability
CSV Injection vulnerability fund by Mostafa Gharzi in WordPress Ninja Forms plugin versions = 3.3.13. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.14...
Wordpress Ninja Forms 3.3.13 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and befor...