logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress wordpress-logolabel

2021-10-26

Ninja Forms < 3.6.4 - Admin+ SQL Injection

fixed in version 3.6.4

2021-09-27

NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting

fixed in version 3.5.8.2

2021-09-22

Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection

fixed in version 3.5.8

2021-09-22

Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure

fixed in version 3.5.8

2021-02-16

Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection

fixed in version 3.4.34

2021-02-16

Ninja Forms < 3.4.34 - Administrator Open Redirect

fixed in version 3.4.34

2021-02-16

Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure

fixed in version 3.4.34.1

2021-02-16

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

fixed in version 3.4.34

2020-09-22

Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field

fixed in version 3.4.27.1

2020-09-22

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

fixed in version 3.4.27.1

2020-09-20

Ninja Forms < 3.4.28 - Stored Cross-Site Scripting

fixed in version 3.4.28

2020-04-29

Ninja Forms < 3.4.24.2 - CSRF to Stored XSS

fixed in version 3.4.24.2

2020-02-03

Ninja Forms < 3.4.23 - CSRF to Stored Cross-Site Scripting (XSS)

fixed in version 3.4.23

2019-01-10

Ninja Forms <= 3.3.21 - XSS and SQLi

fixed in version 3.3.21.3

2019-01-07

Ninja Forms < 3.3.21.2 - SQL Injection

fixed in version 3.3.21.2

2018-12-01

Ninja Forms <= 3.3.19 - Authenticated Open Redirect

fixed in version 3.3.19.1

2018-11-14

Ninja Forms <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS)

fixed in version 3.3.18

2018-08-27

Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function

fixed in version 3.3.14

2018-08-21

Ninja Forms <= 3.3.13 - CSV Injection

fixed in version 3.3.14

2018-07-06

Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests

fixed in version 3.3.9

2018-02-26

Ninja Forms < 3.2.15 - Parameter Tampering

fixed in version 3.2.15

2018-02-20

Ninja Forms <= 3.2.13 - Cross-Site Scripting (XSS)

fixed in version 3.2.14

2017-03-07

Ninja Forms < 3.0.31 - XSS

fixed in version 3.0.31

2016-08-16

Ninja Forms <= 2.9.55.1 - Authenticated SQL Injection

fixed in version 2.9.55.2

2016-07-19

Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)

fixed in version 2.9.52

2016-05-04

Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities

fixed in version 2.9.43

2015-09-30

Ninja Forms <= 2.9.27 - Malicious File Export

fixed in version 2.9.28

2015-08-04

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

fixed in version 2.9.22

2015-06-05

Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)

fixed in version 2.9.19

2015-04-20

Ninja Forms <= 2.9.10 - Cross-Site Scripting (XSS)

fixed in version 2.9.11

2015-02-11

Ninja Forms <= 2.8.8 - Stored & Reflected XSS

fixed in version 2.8.9

2014-12-02

Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users

fixed in version 2.8.10

2014-11-04

Ninja Forms 2.8.6 - Reflected Cross-Site Scripting (XSS)

fixed in version 2.8.7

Is this your WordPress plugin?

We offer WordPress plugin security testing to help identify security vulnerabilities within your plugin. Please note that this is a paid service. If you are interested in talking about having your plugin tested by WordPress security experts, get in touch.