Ninja Forms Security Vulnerabilities and Issues — Ninja Forms CVE List

Lucene search

NinjaformsNinja Forms

4 matches found

CVE•added 2022/07/04 1:15 p.m.•61 views

CVE-2021-25056

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8CVSS4.7AI score0.00195EPSS

CVE•added 2022/09/26 1:15 p.m.•54 views

CVE-2022-2903

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

7.2CVSS7AI score0.00295EPSS

CVE•added 2022/06/16 6:15 p.m.•52 views

CVE-2021-36827

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin

4.8CVSS4.8AI score0.00195EPSS

CVE•added 2022/07/04 1:15 p.m.•49 views

CVE-2021-25066

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8CVSS4.6AI score0.00267EPSS