Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.11).
An unknown person discovered and reported this PHP Object Injection vulnerability in WordPress Ninja Forms Plugin. This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more. This could allow a malicious actor to take-over a website. This vulnerability has been fixed in version 3.6.11.
Authenticated PHP Objection Injection vulnerability
4.9
05.09.2022
Authenticated Stored CrossSite Scripting (XSS) vulnerability
4.8
13.06.2022
Authenticated Stored CrossSite Scripting (XSS) vulnerability
4.8
10.06.2022
Authenticated Stored CrossSite Scripting (XSS) vulnerability
4.8
07.06.2022
Unauthenticated Email Address Disclosure vulnerability
3.7
22.03.2022
Successfully submit vulnerabilities and receive an invite to our Alliance platform.
Learn more
Close
Ninja Forms
LinkedIn
Facebook
Twitter
Join Discord
