Ninja Forms – The Contact Form Builder That Grows With You

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Ninja Forms – The Contact Form Builder That Grows With You

Information

Software Type Plugin
Software Slug ninja-forms (view on wordpress.org)
Software Status Active
Software Author kstover
Software Website ninjaforms.com
Software Downloads 44,464,539
Software Active Installs 800,000
Software Record Last Updated May 17, 2024

Showing 21-40 of 54 Vulnerabilities

Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data'
6.1
CVE-2023-37979
Jul 25, 2023
Researcher: Rafie Muhammad
Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title'
6.1
CVE-2023-1835
Apr 24, 2023
Researcher: Erwan LR
Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect
6.1
CVE-2021-24165
Feb 16, 2021
Researcher: Chloe Chamberland
Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
6.1
CVE-2020-12462
Apr 28, 2020
Researcher: Ram
Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter
6.1
CVE-2018-19287
Nov 15, 2018
Researchers:
Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting
6.1
CVE-2018-7280
Feb 20, 2018
Researcher: Kasper Karlsson
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection
6.1
CVE-2017-18574
Mar 7, 2017
Researchers:
Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jul 19, 2016
Researcher: Han Sahin
Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting
6.1
CVE ID Unknown
Jun 5, 2015
Researchers:
Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting
6.1
CVE-2014-9688
Dec 2, 2014
Researcher: Sergio Navarro
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting
6.1
CVE-2014-8815
Nov 6, 2014
Researcher: Kacper Szurek
Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection
6.4
CVE-2021-34648
Sep 22, 2021
Researcher: Chloe Chamberland
Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting
6.4
CVE-2020-8594
Feb 3, 2020
Researcher: Spider Sec Ltd
Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion
6.5
CVE-2023-36505
Jun 22, 2023
Researcher: Theodoros Malachias
Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure
6.5
CVE-2021-34647
Sep 22, 2021
Researcher: Chloe Chamberland
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting
6.5
CVE-2020-36173
Sep 20, 2020
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection
7.2
CVE-2022-2903
Sep 5, 2022
Researcher: Alessio Santoru
Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection
7.2
CVE-2021-24889
Oct 26, 2021
Researcher: ZhongFu Su
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting
7.2
CVE ID Unknown
Dec 8, 2015
Researcher: Kenan G.
Title Status CVE ID CVSS Researchers Date
Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data' Patched CVE-2023-37979 6.1 Rafie Muhammad July 25, 2023
Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title' Patched CVE-2023-1835 6.1 Erwan LR April 24, 2023
Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect Patched CVE-2021-24165 6.1 Chloe Chamberland February 16, 2021
Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting Patched CVE-2020-12462 6.1 Ram April 28, 2020
Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter Patched CVE-2018-19287 6.1 November 15, 2018
Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting Patched CVE-2018-7280 6.1 Kasper Karlsson February 20, 2018
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection Patched CVE-2017-18574 6.1 March 7, 2017
Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting Patched 6.1 Han Sahin July 19, 2016
Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting Patched 6.1 June 5, 2015
Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting Patched 6.1 April 20, 2015
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting Patched CVE-2014-9688 6.1 Sergio Navarro December 2, 2014
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting Patched CVE-2014-8815 6.1 Kacper Szurek November 6, 2014
Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection Patched CVE-2021-34648 6.4 Chloe Chamberland September 22, 2021
Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting Patched CVE-2020-8594 6.4 Spider Sec Ltd February 3, 2020
Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion Patched CVE-2023-36505 6.5 Theodoros Malachias June 22, 2023
Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure Patched CVE-2021-34647 6.5 Chloe Chamberland September 22, 2021
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting Patched CVE-2020-36173 6.5 September 20, 2020
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection Patched CVE-2022-2903 7.2 Alessio Santoru September 5, 2022
Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection Patched CVE-2021-24889 7.2 ZhongFu Su October 26, 2021
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting Patched 7.2 Kenan G. December 8, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation