VYPR

Ninja Forms

by Ninjaforms

Source repositories

CVEs (26)

  • CVE-2024-3866Sep 25, 2024
    risk 0.00cvss epss 0.00

    The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-1596Sep 7, 2024
    risk 0.00cvss epss 0.00

    The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-7354Sep 2, 2024
    risk 0.00cvss epss 0.01

    The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-25572Apr 11, 2024
    risk 0.00cvss epss 0.00

    Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.

  • CVE-2015-2220Mar 5, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2)…

  • CVE-2014-9688Mar 5, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

Page 2 of 2