Known Vulnerabilities for products from Ninjaforms

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ninjaforms".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-34648 The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ... 4.3 - MEDIUM 2021-09-22 2021-09-29
CVE-2021-34647 The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function f... 6.5 - MEDIUM 2021-09-22 2021-09-29
CVE-2021-24889 The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could all... 7.2 - HIGH 2021-11-29 2021-11-29
CVE-2021-24381 The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form f... 4.8 - MEDIUM 2021-10-25 2021-10-28
CVE-2021-24166 The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress ... 5.4 - MEDIUM 2021-04-05 2021-04-09
CVE-2021-24165 In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to op... 6.1 - MEDIUM 2021-04-05 2021-04-09
CVE-2021-24164 In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger ... 4.3 - MEDIUM 2021-04-05 2021-04-09
CVE-2021-24163 The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have an... 8.8 - HIGH 2021-04-05 2021-04-09
CVE-2020-36175 The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. 5.3 - MEDIUM 2021-01-06 2021-07-21
CVE-2020-36174 The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. 6.5 - MEDIUM 2021-01-06 2021-01-08
CVE-2020-36173 The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. 5.3 - MEDIUM 2021-01-06 2021-07-21
CVE-2020-12462 The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. 6.1 - MEDIUM 2020-04-29 2020-05-06
CVE-2020-8594 The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninj... 5.4 - MEDIUM 2020-02-14 2020-02-18
CVE-2019-15025 The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. 9.8 - CRITICAL 2019-08-14 2019-08-20
CVE-2019-10869 Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads ad... 8.1 - HIGH 2019-05-07 2019-05-10
CVE-2018-20981 The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Pe... 9.1 - CRITICAL 2019-08-22 2019-08-26
CVE-2018-20980 The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. 7.5 - HIGH 2019-08-22 2019-08-26
CVE-2018-19796 An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the l... 6.1 - MEDIUM 2018-12-03 2020-03-03
CVE-2018-16308 The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. 8.6 - HIGH 2018-09-01 2020-08-24
CVE-2018-7280 The Ninja Forms plugin before 3.2.14 for WordPress has XSS. 6.1 - MEDIUM 2018-02-21 2018-03-05

Known software with vulnerabilities from Ninjaforms

Type Vendor Product Version
ApplicationNinjaformsNinja Forms2.2.6
ApplicationNinjaformsNinjaforms3.4.11

Popular searches for "Ninjaforms"

Ninja Forms WordPress Form Builder

ninjaforms.com

Ninja Forms WordPress Form Builder Ninja Forms is the #1 WordPress forms plugin, trusted by over 1,000,000 users. Build beautiful forms fast with our drag & drop WordPress form builder! ninjaforms.com

ninjaforms.com/about WordPress Form (HTML) Drag and drop Plug-in (computing) User (computing) Google Forms Build (developer conference) Email Computer file Form (document) Software build Programmer Lead generation Web developer Usability Exhibition game Computer programming Ninja (streamer) Microsoft Excel Website

Ninja Forms WordPress Form Builder

ninjaforms.com/pricing

Ninja Forms WordPress Form Builder With Ninja Forms you get to choose just the WordPress form features you need as you need them, or bundle into a membership and save.

Plug-in (computing) WordPress Form (HTML) Google Forms Software license Computer programming General Data Protection Regulation User (computing) Form (document) Product bundling Pricing Client (computing) FAQ Add-on (Mozilla) Ninja (streamer) Regulatory compliance Personal data Microsoft Forms Programmer Software feature