Vulnerabilities
Vulnerable Software
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the wp_ajax_nf_oauth action and retrieve the connection URL needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-04-05
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user-supplied redirect parameter with no protection in place.
CVSS Score
6.1
EPSS Score
0.012
Published
2021-04-05
The wp_ajax_nf_oauth_disconnect action from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection, making it possible for attackers to craft a request to disconnect a site's OAuth connection.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-04-05
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-01-06
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-04-29
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-22
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-08-22

