) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ninjaforms:ninja_forms:2.2.45:*:*:*:*:wordpress:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-20981 |
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. Published: August 22, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2018-20980 |
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. Published: August 22, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2017-18574 |
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. Published: August 22, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-19796 |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. Published: December 03, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2018-16308 |
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. Published: September 01, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-7280 |
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. Published: February 21, 2018; 11:29:01 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1209 |
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. Published: May 14, 2016; 11:59:03 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2015-2220 |
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. Published: March 05, 2015; 11:59:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-9688 |
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. Published: March 05, 2015; 11:59:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |