Ninja_forms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ninja_forms
(Ninjaforms)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	36

Date	Id	Summary	Products	Score	Patch	Annotated
2020-04-29	CVE-2020-12462	The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.	Ninja_forms	N/A
2018-12-03	CVE-2018-19796	An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.	Ninja_forms	6.1
2020-02-14	CVE-2020-8594	The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].	Ninja_forms	N/A
2019-08-22	CVE-2018-20981	The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.	Ninja_forms	9.1
2019-08-22	CVE-2018-20980	The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.	Ninja_forms	7.5
2019-08-22	CVE-2017-18574	The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.	Ninja_forms	6.1
2018-02-21	CVE-2018-7280	The Ninja Forms plugin before 3.2.14 for WordPress has XSS.	Ninja_forms	6.1
2016-05-14	CVE-2016-1209	The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.	Ninja_forms	9.8
2015-03-05	CVE-2015-2220	Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.	Ninja_forms	N/A
2015-03-05	CVE-2014-9688	Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.	Ninja_forms	N/A