Saturday Drive
1-18 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36505 | | Med | 0.44 | 6.8 | 0.01 | | Apr 17, 2024 | Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue affects Ninja Forms Contact Form: from n/a through 3.6.24. |
| CVE-2023-37979 | | | 0.07 | — | 0.06 | | Jul 27, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. |
| CVE-2023-1835 | | | 0.01 | — | 0.01 | | May 15, 2023 | The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
| CVE-2024-43999 | | | 0.00 | — | 0.00 | | Sep 17, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11. |
| CVE-2024-39628 | | | 0.00 | — | 0.00 | | Aug 26, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6. |
| CVE-2024-37934 | | | 0.00 | — | 0.00 | | Jul 9, 2024 | Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4. |
| CVE-2023-38393 | | | 0.00 | — | 0.00 | | Jun 19, 2024 | Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25. |
| CVE-2023-38386 | | | 0.00 | — | 0.00 | | Jun 19, 2024 | Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25. |
| CVE-2024-25572 | | | 0.00 | — | 0.00 | | Apr 11, 2024 | Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. |
| CVE-2024-26019 | | | 0.00 | — | 0.01 | | Apr 11, 2024 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product. |
| CVE-2024-29220 | | | 0.00 | — | 0.00 | | Apr 11, 2024 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product. |
| CVE-2023-5530 | | | 0.00 | — | 0.01 | | Nov 6, 2023 | The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are… |
| CVE-2022-2903 | | | 0.00 | — | 0.01 | | Sep 26, 2022 | The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. |
| CVE-2021-36827 | | | 0.00 | — | 0.00 | | Jun 16, 2022 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". |
| CVE-2021-24889 | | | 0.00 | — | 0.01 | | Nov 29, 2021 | The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks. |
| CVE-2021-24381 | | | 0.00 | — | 0.01 | | Oct 25, 2021 | The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2021-34647 | | | 0.00 | — | 0.01 | | Sep 22, 2021 | The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms… |
| CVE-2021-34648 | | | 0.00 | — | 0.01 | | Sep 22, 2021 | The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the… |