Ninja Forms – The Contact Form Builder That Grows With You

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Ninja Forms – The Contact Form Builder That Grows With You

Information

Software Type Plugin
Software Slug ninja-forms (view on wordpress.org)
Software Status Active
Software Author kstover
Software Website ninjaforms.com
Software Downloads 48,763,671
Software Active Installs 800,000
Software Record Last Updated October 20, 2024

Showing 1-20 of 60 Vulnerabilities

Submit a Vulnerability
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting
6.1
CVE-2014-8815
Nov 6, 2014
Researcher: Kacper Szurek
Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting
7.2
CVE-2015-2220
Nov 20, 2014
Researcher: Sergio Navarro
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting
6.1
CVE-2014-9688
Dec 2, 2014
Researcher: Sergio Navarro
Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting
6.1
CVE ID Unknown
Jun 5, 2015
Researchers:
Ninja Forms Contact Form <= 2.9.21 - Reflected Cross-Site Scripting
5.4
CVE ID Unknown
Aug 4, 2015
Researchers: Kenneth Jepsen, Mikkel Vej, Morten Nortoft
Ninja Forms Contact Form <= 2.9.27 - CSV Injection
8.4
CVE ID Unknown
Sep 30, 2015
Researchers: Smit B. Shah, Hely H. Shah
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting
7.2
CVE ID Unknown
Dec 8, 2015
Researcher: Kenan G.
Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload
9.8
CVE-2016-1209
May 5, 2016
Researcher: James Golovich
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection
8.1
CVE-2016-1209
May 13, 2016
Researchers:
Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jul 19, 2016
Researcher: Han Sahin
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection
8.8
CVE ID Unknown
Aug 16, 2016
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection
6.1
CVE-2017-18574
Mar 7, 2017
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.31 - Arbitrary Wordpress Shortcode Injection
5.3
CVE ID Unknown
Apr 17, 2017
Researcher: James Golovich
Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting
6.1
CVE-2018-7280
Feb 20, 2018
Researcher: Kasper Karlsson
Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering
7.5
CVE-2018-20980
Feb 26, 2018
Researchers:
Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests
9.1
CVE-2018-20981
Jul 6, 2018
Researchers:
Ninja Forms Contact Form <= 3.3.13 - CSV Injection
8.6
CVE-2018-16308
Aug 19, 2018
Researchers:
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting
8.3
CVE ID Unknown
Aug 27, 2018
Researcher: Adam Roberts
Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter
6.1
CVE-2018-19287
Nov 15, 2018
Researchers:
Title Status CVE ID CVSS Researchers Date
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting Patched CVE-2014-8815 6.1 Kacper Szurek November 6, 2014
Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting Patched CVE-2015-2220 7.2 Sergio Navarro November 20, 2014
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting Patched CVE-2014-9688 6.1 Sergio Navarro December 2, 2014
Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting Patched 6.1 April 20, 2015
Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting Patched 6.1 June 5, 2015
Ninja Forms Contact Form <= 2.9.21 - Reflected Cross-Site Scripting Patched 5.4 Kenneth Jepsen, Mikkel Vej, Morten Nortoft August 4, 2015
Ninja Forms Contact Form <= 2.9.27 - CSV Injection Patched 8.4 Smit B. Shah, Hely H. Shah September 30, 2015
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting Patched 7.2 Kenan G. December 8, 2015
Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload Patched CVE-2016-1209 9.8 James Golovich May 5, 2016
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection Patched CVE-2016-1209 8.1 May 13, 2016
Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting Patched 6.1 Han Sahin July 19, 2016
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection Patched 8.8 August 16, 2016
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection Patched CVE-2017-18574 6.1 March 7, 2017
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.31 - Arbitrary Wordpress Shortcode Injection Patched 5.3 James Golovich April 17, 2017
Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting Patched CVE-2018-7280 6.1 Kasper Karlsson February 20, 2018
Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering Patched CVE-2018-20980 7.5 February 26, 2018
Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests Patched CVE-2018-20981 9.1 July 6, 2018
Ninja Forms Contact Form <= 3.3.13 - CSV Injection Patched CVE-2018-16308 8.6 August 19, 2018
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting Patched 8.3 Adam Roberts August 27, 2018
Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter Patched CVE-2018-19287 6.1 November 15, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation