Shodan
Vulnerabilities
Vulnerable Software
Ninjaforms:  >> Ninja Forms  Security Vulnerabilities
CVE-2024-43999
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-09-18
CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.008
Published
2024-09-02
CVE-2024-39628
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-26
CVE-2024-37934
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-07-09
CVE-2023-38393
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-06-19
CVE-2023-38386
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-06-19
CVE-2023-36505
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
CVSS Score
6.8
EPSS Score
0.004
Published
2024-04-17
CVE-2024-25572
Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-04-11
CVE-2024-26019
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-04-11
CVE-2024-29220
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved