Page 5 of 34 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. El plugin Ninja Forms versiones anteriores a 3.4.28 para WordPress, carece de escape para los campos submissions-table • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. El plugin ninja-forms versiones anteriores a 3.4.24.2 para WordPress, permite un ataque de tipo CSRF con un XSS resultante. The Ninja Forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0 El plugin Ninja Forms - File Uploads Extension de WordPress es vulnerable a una carga de archivos arbitrarios debido a la insuficiente comprobación del tipo de archivo de entrada encontrada en el archivo ~/includes/ajax/controllers/uploads.php que puede ser evitado haciendo posible que atacantes no autenticados carguen archivos maliciosos que pueden ser usados para obtener una ejecución de código remota, en versiones hasta la 3.3.0 incluyéndola • https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607 https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. El plugin Ninja Forms versión 3.4.22 para WordPress, presenta múltiples vulnerabilidades de tipo XSS almacenado por medio del parámetro ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang] o ninja_forms[date_format]. • https://spider-security.co.uk/blog-cve-cve-2020-8594 https://wordpress.org/plugins/ninja-forms/#developers https://wpvulndb.com/vulnerabilities/10070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 9%CPEs: 1EXPL: 2

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. Existe un salto de directorio y una subida de archivo sin restricciones en el pugin Ninja Forms anterior a 3.0.23 para WordPress (cuando el add-on Uploads esta activado). Esto permite a un atacante atravesar el sistema de archivos para acceder a los archivos y ejecutar código a través de los parámetros includes/fields/upload.php (conocido como página upload/submit) nombre y tmp_name. • https://github.com/KTN1990/CVE-2019-10869 https://wpvulndb.com/vulnerabilities/9272 https://www.onvio.nl/nieuws/ninjaforms-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •