ninjaforms
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting ninjaforms.
- CVE-2025-14072Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure5.3
- CVE-2025-11924Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token7.5
- CVE-2025-10498Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion4.3
- CVE-2025-10499Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update4.3
- CVE-2025-9083Ninja-forms < 3.11.1 - Unauthenticated PHP Objection9.8
- CVE-2025-5398Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI6.4
- CVE-2025-2524Ninja Forms < 3.10.1 - Admin+ Stored XSS4.8
- CVE-2025-2561Ninja Forms < 3.10.1 - Admin+ Stored XSS4.8
- CVE-2025-2560Ninja Forms < 3.10.1 - Admin+ Stored XSS4.8
- CVE-2024-13470Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4
- CVE-2024-12238Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution6.3
- CVE-2024-11052Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations7.2
- CVE-2024-50514WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability5.9
- CVE-2024-50515WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability5.9
- CVE-2024-3866Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer4.7