WPScan

WordPress Plugin Vulnerabilities

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

2022-09-05
Ninja Forms < 3.6.13 - Admin+ PHP Object Injection
Fixed in version 3.6.13
2022-06-15
Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection
Fixed in version 3.6.11
2022-06-13
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
Fixed in version 3.6.10
2022-06-10
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
Fixed in version 3.6.10
2022-03-22
Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure
Fixed in version 3.6.8-wp
2021-10-26
Ninja Forms < 3.6.4 - Admin+ SQL Injection
Fixed in version 3.6.4
2021-09-27
Ninja Forms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
Fixed in version 3.5.8.2
2021-09-22
Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection
Fixed in version 3.5.8
2021-09-22
Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure
Fixed in version 3.5.8
2021-06-07
Ninja Forms < 3.5.5 - Reflected Cross-Site Scripting
Fixed in version 3.5.5
2021-02-16
Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection
Fixed in version 3.4.34
2021-02-16
Ninja Forms < 3.4.34 - Administrator Open Redirect
Fixed in version 3.4.34
2021-02-16
Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
Fixed in version 3.4.34.1
2021-02-16
Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
Fixed in version 3.4.34
2020-09-22
Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation
Fixed in version 3.4.27.1
2020-09-22
Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field
Fixed in version 3.4.27.1
2020-09-20
Ninja Forms < 3.4.28 - Stored Cross-Site Scripting
Fixed in version 3.4.28
2020-04-29
Ninja Forms < 3.4.24.2 - CSRF to Stored XSS
Fixed in version 3.4.24.2
2020-02-03
Ninja Forms < 3.4.23 - CSRF to Stored Cross-Site Scripting (XSS)
Fixed in version 3.4.23
2019-01-10
Ninja Forms <= 3.3.21 - XSS and SQLi
Fixed in version 3.3.21.3
2019-01-07
Ninja Forms < 3.3.21.2 - SQL Injection
Fixed in version 3.3.21.2
2018-12-01
Ninja Forms <= 3.3.19 - Authenticated Open Redirect
Fixed in version 3.3.19.1
2018-11-14
Ninja Forms <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS)
Fixed in version 3.3.18
2018-08-27
Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function
Fixed in version 3.3.14
2018-08-21
Ninja Forms <= 3.3.13 - CSV Injection
Fixed in version 3.3.14
2018-07-06
Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests
Fixed in version 3.3.9
2018-02-26
Ninja Forms < 3.2.15 - Parameter Tampering
Fixed in version 3.2.15
2018-02-20
Ninja Forms <= 3.2.13 - Cross-Site Scripting (XSS)
Fixed in version 3.2.14
2017-03-07
Ninja Forms < 3.0.31 - XSS
Fixed in version 3.0.31
2016-08-16
Ninja Forms <= 2.9.55.1 - Authenticated SQL Injection
Fixed in version 2.9.55.2
2016-07-19
Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)
Fixed in version 2.9.52
2016-05-04
Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities
Fixed in version 2.9.43
2015-09-30
Ninja Forms <= 2.9.27 - Malicious File Export
Fixed in version 2.9.28
2015-08-04
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
Fixed in version 2.9.22
2015-06-05
Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)
Fixed in version 2.9.19
2015-04-20
Ninja Forms <= 2.9.10 - Cross-Site Scripting (XSS)
Fixed in version 2.9.11
2015-02-11
Ninja Forms <= 2.8.8 - Stored & Reflected XSS
Fixed in version 2.8.9
2014-12-02
Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users
Fixed in version 2.8.10
2014-11-04
Ninja Forms 2.8.6 - Reflected Cross-Site Scripting (XSS)
Fixed in version 2.8.7