API Monitor free
plugin logo
plugin logo

Ninja Forms

The Most User Friendly WordPress Contact Form Builder Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer!...

WordPress logo

WordPress

Changelog

Developer

Saturday Drive

Current version

3.6.12

Installations

900 000

Last updated

1 month ago

Unauthenticated PHP Object Injection vulnerability

<= 3.6.10

9.8

15.06.2022

Authenticated Stored CrossSite Scripting (XSS) vulnerability

<= 3.6.9

4.8

13.06.2022

Authenticated Stored CrossSite Scripting (XSS) vulnerability

<= 3.6.9

4.8

10.06.2022

Authenticated Stored CrossSite Scripting (XSS) vulnerability

<= 3.6.9

4.8

07.06.2022

Unauthenticated Email Address Disclosure vulnerability

<= 3.6.7

3.7

22.03.2022

SQL Injection (SQLi) vulnerability

<= 3.6.3

4.7

26.10.2021

Stored CrossSite Scripting (XSS) vulnerability

<= 3.5.8.1

4.8

27.09.2021

Unprotected RESTAPI to Sensitive Information Disclosure vulnerability

<= 3.5.7

6.5

22.09.2021

Unprotected RESTAPI to Email Injection vulnerability

<= 3.5.7

6.5

22.09.2021

CrossSite Request Forgery (CSRF) vulnerability

<= 3.4.33

Administrator Open Redirect vulnerability

<= 3.4.33

Authenticated OAuth Connection Key Disclosure vulnerability

<= 3.4.33

Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability

<= 3.4.33

CrossSite Request Forgery (CSRF) leading to Arbitrary Plugin Installation vulnerability

<= 3.4.27

CrossSite Scripting (XSS) vulnerability

<= 3.3.21

SQL injection (SQLi) vulnerability

<= 3.3.21

Authenticated Open Redirect vulnerability

<= 3.3.19

Unauthenticated CrossSite Scripting (XSS) vulnerability

<= 3.3.17

CSV Injection vulnerability

<= 3.3.13

CrossSite Scripting (XSS) vulnerability

<= 3.3.13

CrossSite Scripting (XSS) vulnerability

<= 3.2.13

Authenticated SQL Injection

<= 2.9.55.1

Multiple Cross Site Scripting

<= 2.9.51

PHP Object Injection

<= 2.9.42.0

Malicious File Export

<= 2.9.27

Cross Site Scripting

<= 2.9.21

Cross Site Scripting

<= 2.9.18

Cross Site Scripting

<= 2.9.10

Multiple XSS

<= 2.8.8

Unspecified Vulnerability

<= 2.8.9

Authorization Bypass

<= 2.7.7

Submit vulnerabilities and become a verified Alliance member

Learn more

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close