WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

2022-06-15
Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection
Fixed in version 3.6.11
2022-06-13
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
Fixed in version 3.6.10
2022-06-10
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
Fixed in version 3.6.10
2022-03-22
Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure
Fixed in version 3.6.8-wp
2021-10-26
Ninja Forms < 3.6.4 - Admin+ SQL Injection
Fixed in version 3.6.4
2021-09-27
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
Fixed in version 3.5.8.2
2021-09-22
Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection
Fixed in version 3.5.8
2021-09-22
Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure
Fixed in version 3.5.8
2021-06-07
Nina Forms < 3.5.5 - Reflected Cross-Site Scripting
Fixed in version 3.5.5
2021-02-16
Ninja Forms < 3.4.34 - Administrator Open Redirect
Fixed in version 3.4.34
2021-02-16
Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
Fixed in version 3.4.34.1
2021-02-16
Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
Fixed in version 3.4.34
2021-02-16
Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection
Fixed in version 3.4.34
2020-09-22
Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation
Fixed in version 3.4.27.1
2020-09-22
Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field
Fixed in version 3.4.27.1
2020-09-20
Ninja Forms < 3.4.28 - Stored Cross-Site Scripting
Fixed in version 3.4.28
2020-04-29
Ninja Forms < 3.4.24.2 - CSRF to Stored XSS
Fixed in version 3.4.24.2
2020-02-03
Ninja Forms < 3.4.23 - CSRF to Stored Cross-Site Scripting (XSS)
Fixed in version 3.4.23
2019-01-10
Ninja Forms <= 3.3.21 - XSS and SQLi
Fixed in version 3.3.21.3
2019-01-07
Ninja Forms < 3.3.21.2 - SQL Injection
Fixed in version 3.3.21.2
2018-12-01
Ninja Forms <= 3.3.19 - Authenticated Open Redirect
Fixed in version 3.3.19.1
2018-11-14
Ninja Forms <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS)
Fixed in version 3.3.18
2018-08-27
Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function
Fixed in version 3.3.14
2018-08-21
Ninja Forms <= 3.3.13 - CSV Injection
Fixed in version 3.3.14
2018-07-06
Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests
Fixed in version 3.3.9
2018-02-26
Ninja Forms < 3.2.15 - Parameter Tampering
Fixed in version 3.2.15
2018-02-20
Ninja Forms <= 3.2.13 - Cross-Site Scripting (XSS)
Fixed in version 3.2.14
2017-03-07
Ninja Forms < 3.0.31 - XSS
Fixed in version 3.0.31
2016-08-16
Ninja Forms <= 2.9.55.1 - Authenticated SQL Injection
Fixed in version 2.9.55.2
2016-07-19
Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)
Fixed in version 2.9.52
2016-05-04
Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities
Fixed in version 2.9.43
2015-09-30
Ninja Forms <= 2.9.27 - Malicious File Export
Fixed in version 2.9.28
2015-08-04
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
Fixed in version 2.9.22
2015-06-05
Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)
Fixed in version 2.9.19
2015-04-20
Ninja Forms <= 2.9.10 - Cross-Site Scripting (XSS)
Fixed in version 2.9.11
2015-02-11
Ninja Forms <= 2.8.8 - Stored & Reflected XSS
Fixed in version 2.8.9
2014-12-02
Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users
Fixed in version 2.8.10
2014-11-04
Ninja Forms 2.8.6 - Reflected Cross-Site Scripting (XSS)
Fixed in version 2.8.7