Ninja Forms – The Contact Form Builder That Grows With You

Information

Software Type Plugin
Software Slug ninja-forms (view on wordpress.org)
Software Status Active
Software Author kstover
Software Website ninjaforms.com
Software Downloads 50,634,746
Software Active Installs 700,000
Software Record Last Updated December 22, 2024

Showing 1-20 of 63 Vulnerabilities

8.8
CVE ID Unknown
Aug 16, 2016
Researchers:
8.4
CVE ID Unknown
Sep 30, 2015
Researchers: Smit B. Shah, Hely H. Shah
Title Status CVE ID CVSS Researchers Date
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection Patched 9.8 June 15, 2022
Ninja Forms Contact Form <= 3.3.21.1 - SQL Injection Patched CVE-2019-15025 9.8 January 7, 2019
Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload Patched CVE-2016-1209 9.8 James Golovich May 5, 2016
Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests Patched CVE-2018-20981 9.1 July 6, 2018
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection Patched 8.8 June 7, 2022
Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure Patched CVE-2021-24163 8.8 Chloe Chamberland February 16, 2021
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation Patched CVE-2020-36174 8.8 Slavco Mihajloski September 22, 2020
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection Patched 8.8 August 16, 2016
Ninja Forms Contact Form <= 3.3.13 - CSV Injection Patched CVE-2018-16308 8.6 August 19, 2018
Ninja Forms Contact Form <= 2.9.27 - CSV Injection Patched 8.4 Smit B. Shah, Hely H. Shah September 30, 2015
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting Patched 8.3 Adam Roberts August 27, 2018
Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection Patched CVE-2016-1209 8.1 May 13, 2016
Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering Patched CVE-2018-20980 7.5 February 26, 2018
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations Patched CVE-2024-11052 7.2 mikemyers December 11, 2024
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection Patched CVE-2022-2903 7.2 Alessio Santoru September 5, 2022
Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection Patched CVE-2021-24889 7.2 ZhongFu Su October 26, 2021
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting Patched 7.2 Kenan G. December 8, 2015
Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting Patched CVE-2015-2220 7.2 Sergio Navarro November 20, 2014
Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion Patched CVE-2023-36505 6.5 Theodoros Malachias June 22, 2023
Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure Patched CVE-2021-34647 6.5 Chloe Chamberland September 22, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation