Page 7 of 38 results (0.009 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. El plugin ninja-forms versiones anteriores a 3.3.9 para WordPress, presenta restricciones insuficientes sobre la recuperación de datos de envío durante las peticiones de Exportación de Datos Personales. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. El plugin ninja-forms versiones anteriores a 3.2.15 para WordPress, presenta una manipulación de parámetros. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Ninja Forms plugin before 3.2.14 for WordPress has XSS. El plugin Ninja Forms en versiones anteriores a la 3.2.14 para WordPress tiene Cross-Site Scripting (XSS). • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. El plugin ninja-forms versiones anteriores a 3.0.31 para WordPress, presenta un escape de HTML insuficiente en el builder. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 3

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. El plugin Ninja Forms en versiones anteriores a 2.9.42.1 para WordPress permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP a través de valores serializados manipulados en una petición POST. Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server. • https://www.exploit-db.com/exploits/41692 http://jvn.jp/en/jp/JVN44657371/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000064 http://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.html http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities http://www.rapid7.com/db/modules/exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload https://ninjaforms.com/important-security-update-always-hurt-ones-love https://wordpress.org&#x • CWE-20: Improper Input Validation •