Ninja Forms – The Contact Form Builder That Grows With You

Information

Software Type Plugin
Software Slug ninja-forms (view on wordpress.org)
Software Status Active
Software Author kstover
Software Website ninjaforms.com
Software Downloads 45,524,726
Software Active Installs 800,000
Software Record Last Updated July 18, 2024

Showing 1-20 of 56 Vulnerabilities

6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
6.1
CVE ID Unknown
Jun 5, 2015
Researchers:
8.4
CVE ID Unknown
Sep 30, 2015
Researchers: Smit B. Shah, Hely H. Shah
8.8
CVE ID Unknown
Aug 16, 2016
Researchers:
Title Status CVE ID CVSS Researchers Date
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting Patched CVE-2014-8815 6.1 Kacper Szurek November 6, 2014
Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting Patched CVE-2015-2220 7.2 Sergio Navarro November 20, 2014
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting Patched CVE-2014-9688 6.1 Sergio Navarro December 2, 2014
Ninja Forms <= 2.9.10 - Reflected Cross-Site Scripting Patched 6.1 April 20, 2015
Ninja Forms Contact Form <= 2.9.18 - Cross-Site Scripting Patched 6.1 June 5, 2015
Ninja Forms Contact Form <= 2.9.21 - Reflected Cross-Site Scripting Patched 5.4 Kenneth Jepsen, Mikkel Vej, Morten Nortoft August 4, 2015
Ninja Forms Contact Form <= 2.9.27 - CSV Injection Patched 8.4 Smit B. Shah, Hely H. Shah September 30, 2015
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting Patched 7.2 Kenan G. December 8, 2015
Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload Patched CVE-2016-1209 9.8 James Golovich May 5, 2016
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection Patched CVE-2016-1209 8.1 May 13, 2016
Ninja Forms Contact Form <= 2.9.51 - Multiple Reflected Cross-Site Scripting Patched 6.1 Han Sahin July 19, 2016
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection Patched 8.8 August 16, 2016
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection Patched CVE-2017-18574 6.1 March 7, 2017
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.31 - Arbitrary Wordpress Shortcode Injection Patched 5.3 James Golovich April 17, 2017
Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting Patched CVE-2018-7280 6.1 Kasper Karlsson February 20, 2018
Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering Patched CVE-2018-20980 7.5 February 26, 2018
Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests Patched CVE-2018-20981 9.1 July 6, 2018
Ninja Forms Contact Form <= 3.3.13 - CSV Injection Patched CVE-2018-16308 8.6 August 19, 2018
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting Patched 8.3 Adam Roberts August 27, 2018
Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter Patched CVE-2018-19287 6.1 November 15, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation