| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10869 | 6.8 |
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fie
|
07-05-2019 - 14:29 | 07-05-2019 - 14:29 | |
| CVE-2018-19796 | 5.8 |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
|
03-12-2018 - 01:29 | 03-12-2018 - 01:29 | |
| CVE-2018-16308 | 6.8 |
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
|
01-09-2018 - 14:29 | 01-09-2018 - 14:29 | |
| CVE-2018-7280 | 4.3 |
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
|
21-02-2018 - 11:29 | 21-02-2018 - 11:29 | |
| CVE-2015-2220 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp
|
02-12-2016 - 22:04 | 05-03-2015 - 11:59 | |
| CVE-2016-1209 | 7.5 |
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
|
23-06-2016 - 13:54 | 14-05-2016 - 11:59 | |
| CVE-2014-9688 | 7.5 |
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
|
05-03-2015 - 13:00 | 05-03-2015 - 11:59 |
