Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ninjaforms

Source -

NVDADP

BOS Name -

Saturday Drive, INC

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

59
Related CVEsRelated ProductsRelated AssignersReports
59Vulnerabilities found
CVE-2018-20980
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.39% / 68.85%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 12:37
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15025
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.78% / 75.38%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 14:49
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninjaformsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-10869
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-13.02% / 95.83%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 17:07
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_forms_file_uploadsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-19796
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.58% / 72.36%
||
7 Day CHG~0.00%
Published-03 Dec, 2018 | 06:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-16308
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-1.79% / 75.52%
||
7 Day CHG~0.00%
Published-01 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2018-7280
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.78% / 51.01%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 16:00
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ninja Forms plugin before 3.2.14 for WordPress has XSS.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1209
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-61.61% / 99.05%
||
7 Day CHG+4.77%
Published-14 May, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2220
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.04% / 78.66%
||
7 Day CHG~0.00%
Published-05 Mar, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9688
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.02% / 78.41%
||
7 Day CHG~0.00%
Published-05 Mar, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

Action-Not Available
Vendor-n/aSaturday Drive, INC
Product-ninja_formsn/a
  • Previous
  • 1
  • 2
  • Next