Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24889 | 1 Ninjaforms | 1 Ninja Forms | 2021-11-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks | |||||
| CVE-2021-24163 | 1 Ninjaforms | 1 Ninja Forms | 2021-04-09 | 6.5 MEDIUM | 8.8 HIGH |
| The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. | |||||
| CVE-2018-16308 | 1 Ninjaforms | 1 Ninja Forms | 2020-08-24 | 6.8 MEDIUM | 8.6 HIGH |
| The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | |||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2019-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||