Ninjaforms CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-16308	1 Ninjaforms	1 Ninja Forms	2024-11-21	N/A
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
CVE-2017-18574	1 Ninjaforms	1 Ninja Forms	2024-11-21	N/A
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVE-2024-7354	1 Ninjaforms	1 Ninja Forms	2024-10-04	6.1 Medium
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-43999	1 Ninjaforms	1 Ninja Forms	2024-09-25	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.

« first previous Page 4 of 4.