Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ninja_forms
(Ninjaforms)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 34 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-05 | CVE-2021-24166 | The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. | Ninja_forms | 5.4 | ||
2021-04-05 | CVE-2021-24165 | In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. | Ninja_forms | 6.1 | ||
2021-01-06 | CVE-2020-36174 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | Ninja_forms | 6.5 | ||
2018-09-01 | CVE-2018-16308 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | Ninja_forms | 8.6 | ||
2020-04-29 | CVE-2020-12462 | The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | Ninja_forms | N/A | ||
2018-12-03 | CVE-2018-19796 | An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | Ninja_forms | 6.1 | ||
2020-02-14 | CVE-2020-8594 | The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. | Ninja_forms | N/A | ||
2019-08-22 | CVE-2018-20981 | The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | Ninja_forms | 9.1 | ||
2019-08-22 | CVE-2018-20980 | The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | Ninja_forms | 7.5 | ||
2019-08-22 | CVE-2017-18574 | The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | Ninja_forms | 6.1 |