WordPress Plugin Vulnerabilities

Ninja Forms <= 3.3.13 - CSV Injection

Description

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a CSV Injection security vulnerability.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.3.14

References

CVE
CVE-2018-16308
Exploitdb
45234
URL
https://plugins.trac.wordpress.org/changeset/1931064/ninja-forms

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
02cc8296-5662-48dc-bafe-29074b25654f

Timeline

Publicly Published
2018-08-21 (about 7 years ago)
Added
2018-08-27 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-15
Title
Popup by Supsystic < 1.10.30 - Admin+ Remote Code Execution
Published
2025-02-14
Title
Bit Assist < 1.5.3 - Subscriber+ Arbitrary File Read via fileID Parameter
Published
2014-08-01
Title
Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection
Published
2015-12-10
Title
Link Log < 2.0 - HTTP Response Splitting
Published
2024-10-14
Title
BuddyPress Better Registration <= 1.6 - Authentication Bypass to Administrator