Ninja_forms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ninja_forms
(Ninjaforms)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	41

Date	Id	Summary	Products	Score	Patch	Annotated
2024-09-18	CVE-2024-43999	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.	Ninja_forms	4.8
2018-09-01	CVE-2018-16308	The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.	Ninja_forms	8.6
2020-04-29	CVE-2020-12462	The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.	Ninja_forms	N/A
2018-12-03	CVE-2018-19796	An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.	Ninja_forms	6.1
2019-08-22	CVE-2018-20981	The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.	Ninja_forms	9.1
2019-08-22	CVE-2018-20980	The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.	Ninja_forms	7.5
2019-08-22	CVE-2017-18574	The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.	Ninja_forms	6.1
2018-02-21	CVE-2018-7280	The Ninja Forms plugin before 3.2.14 for WordPress has XSS.	Ninja_forms	6.1
2016-05-14	CVE-2016-1209	The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.	Ninja_forms	9.8
2015-03-05	CVE-2015-2220	Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.	Ninja_forms	N/A