Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:ninjaforms:ninja_forms:2.9.29:*:*:*:*:wordpress:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-20981 |
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. Published: August 22, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2018-20980 |
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. Published: August 22, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18574 |
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. Published: August 22, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19796 |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. Published: December 03, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2018-16308 |
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. Published: September 01, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-7280 |
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. Published: February 21, 2018; 11:29:01 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1209 |
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. Published: May 14, 2016; 11:59:03 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |