Ninjaforms: >> Ninja Forms Security Vulnerabilities
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-04-29
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
CVSS Score
5.4
EPSS Score
0.009
Published
2020-02-14
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-22
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-08-22
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-03
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVSS Score
8.6
EPSS Score
0.004
Published
2018-09-01
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-21
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVSS Score
9.8
EPSS Score
0.773
Published
2016-05-14