Page 8 of 42 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. El plugin ninja-forms versiones anteriores a 3.2.15 para WordPress, presenta una manipulación de parámetros. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Ninja Forms plugin before 3.2.14 for WordPress has XSS. El plugin Ninja Forms en versiones anteriores a la 3.2.14 para WordPress tiene Cross-Site Scripting (XSS). • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. El plugin ninja-forms versiones anteriores a 3.0.31 para WordPress, presenta un escape de HTML insuficiente en el builder. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 3

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. El plugin Ninja Forms en versiones anteriores a 2.9.42.1 para WordPress permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP a través de valores serializados manipulados en una petición POST. Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server. • https://www.exploit-db.com/exploits/41692 http://jvn.jp/en/jp/JVN44657371/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000064 http://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.html http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities http://www.rapid7.com/db/modules/exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload https://ninjaforms.com/important-security-update-always-hurt-ones-love https://wordpress.org&#x • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. Vulnerabilidad no especificada en el plugin Ninja Forms anterior a 2.8.10 para WordPress tiene un impacto desconocido y vectores de ataque remotos relacionados con los usuarios de administración. The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ninja_forms_field_1’ parameter in versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wordpress.org/plugins/ninja-forms/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •