CVE-2023-38386
- EPSS 0.23%
- Published 19.06.2024 13:15:53
- Last modified 07.04.2025 17:55:07
Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25.
CVE-2023-36505
- EPSS 0.39%
- Published 17.04.2024 09:15:07
- Last modified 15.04.2025 19:58:20
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue affects Ninja Forms Contact Form: from n/a through 3.6.24.
CVE-2024-29220
- EPSS 0.31%
- Published 11.04.2024 03:15:09
- Last modified 08.04.2025 15:19:15
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the pro...
CVE-2024-26019
- EPSS 0.36%
- Published 11.04.2024 03:15:09
- Last modified 08.04.2025 15:17:37
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product.
CVE-2024-25572
- EPSS 0.19%
- Published 11.04.2024 03:15:09
- Last modified 08.04.2025 15:17:15
Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.
CVE-2024-2113
- EPSS 0.19%
- Published 29.03.2024 07:15:43
- Last modified 23.01.2025 19:15:23
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_d...
CVE-2024-2108
- EPSS 0.18%
- Published 29.03.2024 07:15:43
- Last modified 23.01.2025 19:18:21
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient inpu...
CVE-2024-0685
- EPSS 0.61%
- Published 02.02.2024 05:15:08
- Last modified 21.11.2024 08:47:08
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insuff...
CVE-2023-35909
- EPSS 0.33%
- Published 07.12.2023 12:15:07
- Last modified 21.11.2024 08:08:57
Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS. This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from ...
CVE-2023-5530
- EPSS 1.48%
- Published 06.11.2023 21:15:10
- Last modified 21.11.2024 08:41:56
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform ...