Ninja_forms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ninja_forms
(Ninjaforms)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	36

Date	Id	Summary	Products	Score	Patch	Annotated
2024-06-19	CVE-2023-38393	Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.	Ninja_forms	8.8
2024-07-09	CVE-2024-37934	Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.	Ninja_forms	9.8
2024-08-26	CVE-2024-39628	Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.	Ninja_forms	8.8
2024-09-02	CVE-2024-7354	The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin	Ninja_forms	6.1
2024-09-25	CVE-2024-3866	The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Successful exploitation of this vulnerability requires...	Ninja_forms	6.1
2024-09-18	CVE-2024-43999	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.	Ninja_forms	4.8
2018-09-01	CVE-2018-16308	The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.	Ninja_forms	8.6
2020-04-29	CVE-2020-12462	The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.	Ninja_forms	N/A
2018-12-03	CVE-2018-19796	An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.	Ninja_forms	6.1
2019-08-22	CVE-2018-20981	The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.	Ninja_forms	9.1