Ninjaforms: >> Ninja Forms >> 3.0 Security Vulnerabilities
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-04-29
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-22
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-08-22
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-03
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVSS Score
8.6
EPSS Score
0.004
Published
2018-09-01
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-21
Page 5