CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20981 – Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests
https://notcve.org/view.php?id=CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. El plugin ninja-forms versiones anteriores a 3.3.9 para WordPress, presenta restricciones insuficientes sobre la recuperación de datos de envío durante las peticiones de Exportación de Datos Personales. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20980 – Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering
https://notcve.org/view.php?id=CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. El plugin ninja-forms versiones anteriores a 3.2.15 para WordPress, presenta una manipulación de parámetros. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7280 – Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-7280
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. El plugin Ninja Forms en versiones anteriores a la 3.2.14 para WordPress tiene Cross-Site Scripting (XSS). • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18574 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection
https://notcve.org/view.php?id=CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. El plugin ninja-forms versiones anteriores a 3.0.31 para WordPress, presenta un escape de HTML insuficiente en el builder. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 3CVE-2016-1209 – Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. El plugin Ninja Forms en versiones anteriores a 2.9.42.1 para WordPress permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP a través de valores serializados manipulados en una petición POST. Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server. • https://www.exploit-db.com/exploits/41692 http://jvn.jp/en/jp/JVN44657371/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000064 http://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.html http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities http://www.rapid7.com/db/modules/exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload https://ninjaforms.com/important-security-update-always-hurt-ones-love https://wordpress.org&#x • CWE-20: Improper Input Validation •