Ninjaforms

Ninja Forms

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2024-12238

  • EPSS 0.16%
  • Veröffentlicht 29.12.2024 06:15:05
  • Zuletzt bearbeitet 18.04.2025 18:31:38

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that ...

6.1

CVE-2024-11052

  • EPSS 3.55%
  • Veröffentlicht 12.12.2024 06:15:20
  • Zuletzt bearbeitet 11.04.2025 14:59:52

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and ou...

4.8

CVE-2024-50514

  • EPSS 0.1%
  • Veröffentlicht 19.11.2024 17:15:10
  • Zuletzt bearbeitet 23.01.2025 17:12:18

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16.

4.8

CVE-2024-50515

  • EPSS 0.1%
  • Veröffentlicht 19.11.2024 17:15:10
  • Zuletzt bearbeitet 23.01.2025 17:09:36

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16.

6.1

CVE-2024-3866

  • EPSS 1.3%
  • Veröffentlicht 25.09.2024 07:15:02
  • Zuletzt bearbeitet 02.10.2024 18:26:59

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes ...

4.8

CVE-2024-43999

  • EPSS 0.21%
  • Veröffentlicht 18.09.2024 00:15:09
  • Zuletzt bearbeitet 25.09.2024 15:15:43

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.

6.1

CVE-2024-7354

Exploit
  • EPSS 1.18%
  • Veröffentlicht 02.09.2024 08:15:06
  • Zuletzt bearbeitet 04.10.2024 17:16:20

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

8.8

CVE-2024-39628

  • EPSS 0.13%
  • Veröffentlicht 26.08.2024 21:15:23
  • Zuletzt bearbeitet 20.10.2024 12:15:03

Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.

9.8

CVE-2024-37934

  • EPSS 1.08%
  • Veröffentlicht 09.07.2024 13:15:10
  • Zuletzt bearbeitet 21.11.2024 09:24:32

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.

8.8

CVE-2023-38393

  • EPSS 0.33%
  • Veröffentlicht 19.06.2024 15:15:57
  • Zuletzt bearbeitet 21.11.2024 08:13:28

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.