CVE-2020-36175 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Validation Bypass via Email Field
https://notcve.org/view.php?id=CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite a atacantes omitir la comprobación por medio del campo email • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVE-2020-36174 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation
https://notcve.org/view.php?id=CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite un ataque de tipo CSRF por medio de la integración de servicios The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. This makes it possible for attackers to install arbitrary plugins. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-36173 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. El plugin Ninja Forms versiones anteriores a 3.4.28 para WordPress, carece de escape para los campos submissions-table • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVE-2020-12462 – Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-12462
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. El plugin ninja-forms versiones anteriores a 3.4.24.2 para WordPress, permite un ataque de tipo CSRF con un XSS resultante. The Ninja Forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-8594 – Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. El plugin Ninja Forms versión 3.4.22 para WordPress, presenta múltiples vulnerabilidades de tipo XSS almacenado por medio del parámetro ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang] o ninja_forms[date_format]. • https://spider-security.co.uk/blog-cve-cve-2020-8594 https://wordpress.org/plugins/ninja-forms/#developers https://wpvulndb.com/vulnerabilities/10070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •