CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36173 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. El plugin Ninja Forms versiones anteriores a 3.4.28 para WordPress, carece de escape para los campos submissions-table • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12462 – Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-12462
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. El plugin ninja-forms versiones anteriores a 3.4.24.2 para WordPress, permite un ataque de tipo CSRF con un XSS resultante. The Ninja Forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8594 – Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. El plugin Ninja Forms versión 3.4.22 para WordPress, presenta múltiples vulnerabilidades de tipo XSS almacenado por medio del parámetro ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang] o ninja_forms[date_format]. • https://spider-security.co.uk/blog-cve-cve-2020-8594 https://wordpress.org/plugins/ninja-forms/#developers https://wpvulndb.com/vulnerabilities/10070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19796 – Ninja Forms Contact Form <= 3.3.19 - Authenticated Open Redirect
https://notcve.org/view.php?id=CVE-2018-19796
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. Una redirección abierta en el plugin Ninja Forms en versiones anteriores a la 3.3.19.1 para WordPress permite que los atacantes remotos redirijan a un usuario mediante el parámetro redirect en lib/StepProcessing/step-processing.php (también conocido como submissions download page). • https://plugins.trac.wordpress.org/changeset/1982808/ninja-forms/trunk/lib/StepProcessing/step-processing.php https://wordpress.org/plugins/ninja-forms/#developers https://wpvulndb.com/vulnerabilities/9154 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 27%CPEs: 1EXPL: 1CVE-2018-19287 – Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter
https://notcve.org/view.php?id=CVE-2018-19287
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter. Cross-Site Scripting (XSS) en el plugin Ninja Forms en versiones anteriores a la 3.3.18 para WordPress permite que atacantes remotos ejecuten JavaScript mediante los parámetros begin_date, end_date o form_id en includes/Admin/Menus/Submissions.php (también conocida como página submissions). WordPress Ninja Forms version 3.3.17 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45880 https://plugins.trac.wordpress.org/changeset/1974335/ninja-forms/trunk/includes/Admin/Menus/Submissions.php https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •