Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ninja_forms
(Ninjaforms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-05 | CVE-2021-24164 | In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. | Ninja_forms | 4.3 | ||
| 2022-07-04 | CVE-2021-25056 | The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | Ninja_forms | 4.8 | ||
| 2022-07-04 | CVE-2021-25066 | The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | Ninja_forms | 4.8 | ||
| 2021-11-29 | CVE-2021-24889 | The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks | Ninja_forms | 7.2 | ||
| 2021-01-06 | CVE-2020-36173 | The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | Ninja_forms | 5.3 | ||
| 2021-01-06 | CVE-2020-36175 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | Ninja_forms | 5.3 | ||
| 2021-04-05 | CVE-2021-24166 | The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. | Ninja_forms | 5.4 | ||
| 2021-04-05 | CVE-2021-24165 | In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. | Ninja_forms | 6.1 | ||
| 2021-01-06 | CVE-2020-36174 | The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | Ninja_forms | 6.5 | ||
| 2018-09-01 | CVE-2018-16308 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | Ninja_forms | 8.6 |