Ninja Forms – The Contact Form Builder That Grows With You

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Ninja Forms – The Contact Form Builder That Grows With You

Information

Software Type Plugin
Software Slug ninja-forms (view on wordpress.org)
Software Status Active
Software Author kstover
Software Website ninjaforms.com
Software Downloads 44,464,539
Software Active Installs 800,000
Software Record Last Updated May 17, 2024

Showing 1-20 of 54 Vulnerabilities

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection
9.8
CVE ID Unknown
Jun 15, 2022
Researchers:
Ninja Forms Contact Form <= 3.3.21.1 - SQL Injection
9.8
CVE-2019-15025
Jan 7, 2019
Researchers:
Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload
9.8
CVE-2016-1209
May 5, 2016
Researcher: James Golovich
Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests
9.1
CVE-2018-20981
Jul 6, 2018
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection
8.8
CVE ID Unknown
Jun 7, 2022
Researchers:
Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
8.8
CVE-2021-24163
Feb 16, 2021
Researcher: Chloe Chamberland
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation
8.8
CVE-2020-36174
Sep 22, 2020
Researcher: Slavco Mihajloski
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection
8.8
CVE ID Unknown
Aug 16, 2016
Researchers:
Ninja Forms Contact Form <= 3.3.13 - CSV Injection
8.6
CVE-2018-16308
Aug 19, 2018
Researchers:
Ninja Forms Contact Form <= 2.9.27 - CSV Injection
8.4
CVE ID Unknown
Sep 30, 2015
Researchers: Smit B. Shah, Hely H. Shah
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting
8.3
CVE ID Unknown
Aug 27, 2018
Researcher: Adam Roberts
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection
8.1
CVE-2016-1209
May 13, 2016
Researchers:
Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering
7.5
CVE-2018-20980
Feb 26, 2018
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection
7.2
CVE-2022-2903
Sep 5, 2022
Researcher: Alessio Santoru
Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection
7.2
CVE-2021-24889
Oct 26, 2021
Researcher: ZhongFu Su
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting
7.2
CVE ID Unknown
Dec 8, 2015
Researcher: Kenan G.
Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting
7.2
CVE-2015-2220
Nov 20, 2014
Researcher: Sergio Navarro
Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion
6.5
CVE-2023-36505
Jun 22, 2023
Researcher: Theodoros Malachias
Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure
6.5
CVE-2021-34647
Sep 22, 2021
Researcher: Chloe Chamberland
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting
6.5
CVE-2020-36173
Sep 20, 2020
Researchers:
Title Status CVE ID CVSS Researchers Date
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection Patched 9.8 June 15, 2022
Ninja Forms Contact Form <= 3.3.21.1 - SQL Injection Patched CVE-2019-15025 9.8 January 7, 2019
Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload Patched CVE-2016-1209 9.8 James Golovich May 5, 2016
Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests Patched CVE-2018-20981 9.1 July 6, 2018
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection Patched 8.8 June 7, 2022
Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure Patched CVE-2021-24163 8.8 Chloe Chamberland February 16, 2021
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation Patched CVE-2020-36174 8.8 Slavco Mihajloski September 22, 2020
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection Patched 8.8 August 16, 2016
Ninja Forms Contact Form <= 3.3.13 - CSV Injection Patched CVE-2018-16308 8.6 August 19, 2018
Ninja Forms Contact Form <= 2.9.27 - CSV Injection Patched 8.4 Smit B. Shah, Hely H. Shah September 30, 2015
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting Patched 8.3 Adam Roberts August 27, 2018
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection Patched CVE-2016-1209 8.1 May 13, 2016
Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering Patched CVE-2018-20980 7.5 February 26, 2018
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection Patched CVE-2022-2903 7.2 Alessio Santoru September 5, 2022
Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection Patched CVE-2021-24889 7.2 ZhongFu Su October 26, 2021
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting Patched 7.2 Kenan G. December 8, 2015
Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting Patched CVE-2015-2220 7.2 Sergio Navarro November 20, 2014
Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion Patched CVE-2023-36505 6.5 Theodoros Malachias June 22, 2023
Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure Patched CVE-2021-34647 6.5 Chloe Chamberland September 22, 2021
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting Patched CVE-2020-36173 6.5 September 20, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation