Known Vulnerabilities for products from Ninjaforms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ninjaforms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-50515 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Form... | Not Provided | 2024-11-19 | 2026-04-01 |
| CVE-2024-50514 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Form... | Not Provided | 2024-11-19 | 2026-04-01 |
| CVE-2024-2113 json | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Sit... | Not Provided | 2024-03-29 | 2026-04-08 |
| CVE-2024-2108 json | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cr... | Not Provided | 2024-03-29 | 2026-04-08 |
| CVE-2024-0685 json | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Or... | Not Provided | 2024-02-02 | 2026-04-08 |
| CVE-2023-37979 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versi... | 6.1 - MEDIUM | 2023-07-27 | 2023-08-04 |
| CVE-2023-5530 json | The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow ... | 4.8 - MEDIUM | 2023-11-06 | 2023-11-14 |
| CVE-2023-4109 json | The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security v... | 4.8 - MEDIUM | 2023-08-30 | 2023-11-07 |
| CVE-2023-1835 json | The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in ... | 6.1 - MEDIUM | 2023-05-15 | 2023-11-07 |
| CVE-2022-2903 json | The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to... | 7.2 - HIGH | 2022-09-26 | 2022-09-28 |
| CVE-2022-0889 json | The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sani... | Not Provided | 2022-03-23 | 2026-04-08 |
| CVE-2022-0888 json | The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input f... | Not Provided | 2022-03-23 | 2026-04-08 |
| CVE-2021-36827 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-06-16 | 2023-11-07 |
| CVE-2021-34648 json | The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ... | 4.3 - MEDIUM | 2021-09-22 | 2022-10-27 |
| CVE-2021-34647 json | The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function f... | 6.5 - MEDIUM | 2021-09-22 | 2022-10-27 |
| CVE-2021-25066 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-07-04 | 2022-07-12 |
| CVE-2021-25056 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-07-04 | 2022-07-13 |
| CVE-2021-24889 json | The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could all... | 7.2 - HIGH | 2021-11-29 | 2021-11-29 |
| CVE-2021-24381 json | The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form f... | 4.8 - MEDIUM | 2021-10-25 | 2021-10-28 |
| CVE-2021-24166 json | The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress ... | 5.4 - MEDIUM | 2021-04-05 | 2021-04-09 |
Known software with vulnerabilities from Ninjaforms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ninjaforms | Ninjaforms | 3.4.11 |
| Application | Ninjaforms | Ninja Forms | 2.2.31 |