Shodan
Vulnerabilities
Vulnerable Software
Ninjaforms:  Security Vulnerabilities
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-08-22
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
CVSS Score
8.1
EPSS Score
0.48
Published
2019-05-07
CVE-2018-19796
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-03
CVE-2018-16308
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVSS Score
8.6
EPSS Score
0.004
Published
2018-09-01
CVE-2018-7280
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-21
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVSS Score
9.8
EPSS Score
0.773
Published
2016-05-14
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-03-05
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
CVSS Score
7.5
EPSS Score
0.003
Published
2015-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved