CVE-2024-25572
https://notcve.org/view.php?id=CVE-2024-25572
Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. Vulnerabilidad de Cross-site request forgery (CSRF) existe en Ninja Forms antes de la versión 3.4.31. Si un administrador de un sitio web ve una página maliciosa mientras inicia sesión, se pueden realizar operaciones no deseadas. • https://jvn.jp/en/jp/JVN50361500 https://ninjaforms.com https://wordpress.org/plugins/ninja-forms •
CVE-2024-26019 – Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-26019
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. Ninja Forms anterior a 3.8.1 contiene una vulnerabilidad de cross-site scripting en el procesamiento de envíos. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto. The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form fields in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. • https://jvn.jp/en/jp/JVN50361500 https://ninjaforms.com https://wordpress.org/plugins/ninja-forms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29220 – Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-29220
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. Ninja Forms anterior a 3.8.1 contiene una vulnerabilidad de cross-site scripting en campos personalizados para etiquetas. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto. The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a form field in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. • https://jvn.jp/en/jp/JVN50361500 https://ninjaforms.com https://wordpress.org/plugins/ninja-forms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •