Ninjaforms: >> Ninja Forms >> 2.2.43 Security Vulnerabilities
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-09-22
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.
CVSS Score
6.4
EPSS Score
0.001
Published
2021-09-22
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-04-05
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-04-05
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
CVSS Score
6.1
EPSS Score
0.015
Published
2021-04-05
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-04-05
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-01-06
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-04-29