Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ninjaforms Subscribe
Total 64 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18574 1 Ninjaforms 1 Ninja Forms 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
CVE-2016-1209 1 Ninjaforms 1 Ninja Forms 2026-06-17 7.5 HIGH 9.8 CRITICAL
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVE-2015-2220 1 Ninjaforms 1 Ninja Forms 2026-06-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.
CVE-2014-9688 1 Ninjaforms 1 Ninja Forms 2026-06-17 7.5 HIGH N/A
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.