Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-10-02
CVE-2024-3866 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Successful exploitation of this vulnerability requires "maintenance mode" for a targeted form to be enabled. However, there is no setting available to…
PLUGIN
Ninja Forms Contact Form
CVE-2024-3866
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5530 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue
PLUGIN
Ninja Forms Contact Form
CVE-2023-5530
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2023-4109 - Ninja Forms Contact Form Plugin
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.
PLUGIN
Ninja Forms Contact Form
CVE-2023-4109
Risk Score
Threat Entry
Updated 2025-01-14
CVE-2023-1835 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Ninja Forms Contact Form
CVE-2023-1835
Risk Score
Threat Entry
Updated 2025-05-21
CVE-2022-2903 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
PLUGIN
Ninja Forms Contact Form
CVE-2022-2903
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-25066 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PLUGIN
Ninja Forms Contact Form
CVE-2021-25066
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-25056 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PLUGIN
Ninja Forms Contact Form
CVE-2021-25056
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24889 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks
PLUGIN
Ninja Forms Contact Form
CVE-2021-24889
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24381 - Ninja Forms Contact Form Plugin
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PLUGIN
Ninja Forms Contact Form
CVE-2021-24381
Risk Score