Ninjaforms: Security Vulnerabilities
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].
CVSS Score
5.4
EPSS Score
0.009
Published
2020-02-14
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-22
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-08-22
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
CVSS Score
8.1
EPSS Score
0.48
Published
2019-05-07
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-03
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVSS Score
8.6
EPSS Score
0.004
Published
2018-09-01
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-21
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVSS Score
9.8
EPSS Score
0.773
Published
2016-05-14