Ninja Forms Contact Form Security Vulnerabilities and Issues — Ninja Forms Contact Form CVE List

Lucene search

NinjaformsNinja Forms Contact Form

3 matches found

CVE•added 2023/05/15 1:15 p.m.•67 views

CVE-2023-1835

The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS6.1AI score0.1176EPSS

CVE•added 2023/08/30 3:15 p.m.•58 views

CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.

4.8CVSS5.6AI score0.00077EPSS

CVE•added 2023/11/06 9:15 p.m.•38 views

CVE-2023-5530

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use J...

4.8CVSS4.7AI score0.01481EPSS