CVE-2018-16308 – Ninja Forms Contact Form <= 3.3.13 - CSV Injection
https://notcve.org/view.php?id=CVE-2018-16308
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. El plugin Ninja Forms en versiones anteriores a la 3.3.14.1 para WordPress permite la inyección CSV. • https://packetstormsecurity.com/files/148993/WordPress-Ninja-Forms-3.3.13-CSV-Injection.html https://wordpress.org/plugins/ninja-forms/#developers https://www.exploit-db.com/exploits/45234 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2018-20981 – Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests
https://notcve.org/view.php?id=CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. El plugin ninja-forms versiones anteriores a 3.3.9 para WordPress, presenta restricciones insuficientes sobre la recuperación de datos de envío durante las peticiones de Exportación de Datos Personales. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVE-2018-20980 – Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering
https://notcve.org/view.php?id=CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. El plugin ninja-forms versiones anteriores a 3.2.15 para WordPress, presenta una manipulación de parámetros. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVE-2018-7280 – Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-7280
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. El plugin Ninja Forms en versiones anteriores a la 3.2.14 para WordPress tiene Cross-Site Scripting (XSS). • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18574 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection
https://notcve.org/view.php?id=CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. El plugin ninja-forms versiones anteriores a 3.0.31 para WordPress, presenta un escape de HTML insuficiente en el builder. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •