VYPR

Ninja Forms

by WordPress

Source repositories

CVEs (46)

  • CVE-2025-14072Jan 2, 2026
    risk 0.00cvss epss 0.00

    The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

  • CVE-2025-11924Dec 17, 2025
    risk 0.00cvss epss 0.00

    The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the…

  • CVE-2025-10498Sep 27, 2025
    risk 0.00cvss epss 0.00

    The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for…

  • CVE-2025-9083Sep 18, 2025
    risk 0.00cvss epss 0.01

    The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

  • CVE-2015-2220Mar 5, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2)…

  • CVE-2014-9688Mar 5, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

Page 3 of 3