VYPR

Vendor: Saturday Drive

Products: 1
CVEs: 18
Across products: 18
Status: Private

Recent CVEs (18)

  • CVE-2023-36505 | Med | Apr 17, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue affects Ninja Forms Contact Form: from n/a through 3.6.24.

  • CVE-2023-37979 | Jul 27, 2023
    risk 0.07 | cvss | epss 0.06

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.

  • CVE-2023-1835 | May 15, 2023
    risk 0.01 | cvss | epss 0.01

    The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2024-43999 | Sep 17, 2024
    risk 0.00 | cvss | epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11.

  • CVE-2024-39628 | Aug 26, 2024
    risk 0.00 | cvss | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6.

  • CVE-2024-37934 | Jul 9, 2024
    risk 0.00 | cvss | epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.

  • CVE-2023-38393 | Jun 19, 2024
    risk 0.00 | cvss | epss 0.00

    Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25.

  • CVE-2023-38386 | Jun 19, 2024
    risk 0.00 | cvss | epss 0.00

    Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25.

  • CVE-2024-25572 | Apr 11, 2024
    risk 0.00 | cvss | epss 0.00

    Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.

  • CVE-2024-26019 | Apr 11, 2024
    risk 0.00 | cvss | epss 0.01

    Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product.

  • CVE-2024-29220 | Apr 11, 2024
    risk 0.00 | cvss | epss 0.00

    Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product.

  • CVE-2023-5530 | Nov 6, 2023
    risk 0.00 | cvss | epss 0.01

    The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are…

  • CVE-2022-2903 | Sep 26, 2022
    risk 0.00 | cvss | epss 0.01

    The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

  • CVE-2021-36827 | Jun 16, 2022
    risk 0.00 | cvss | epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label".

  • CVE-2021-24889 | Nov 29, 2021
    risk 0.00 | cvss | epss 0.01

    The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks.

  • CVE-2021-24381 | Oct 25, 2021
    risk 0.00 | cvss | epss 0.01

    The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2021-34647 | Sep 22, 2021
    risk 0.00 | cvss | epss 0.01

    The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms…

  • CVE-2021-34648 | Sep 22, 2021
    risk 0.00 | cvss | epss 0.01

    The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the…