Saturday Drive Ninja Forms vulnerabilities

10 known vulnerabilities affecting saturday_drive/ninja_forms.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 5

Vulnerabilities

CVE-2024-43999 | MEDIUM | CVSS 4.8 | ≥ n/a, ≤ 3.8.11 | 2024-09-18
CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11.
Sources: cvelistv5, nvd

CVE-2024-39628 | HIGH | CVSS 8.8 | ≥ n/a, ≤ 3.8.6 | 2024-08-26
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6.
Sources: cvelistv5, nvd

CVE-2024-37934 | CRITICAL | CVSS 9.8 | ≥ n/a, ≤ 3.8.4 | 2024-07-09
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.
Sources: cvelistv5, nvd

CVE-2023-38386 | CRITICAL | CVSS 9.8 | ≥ n/a, ≤ 3.6.25 | 2024-06-19
CWE-862: Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25.
Sources: cvelistv5, nvd

CVE-2023-38393 | HIGH | CVSS 8.8 | ≥ n/a, ≤ 3.6.25 | 2024-06-19
CWE-862: Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25.
Sources: cvelistv5, nvd

CVE-2024-25572 | HIGH | CVSS 8.8 | prior to 3.4.31 | 2024-04-11
CWE-352: Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.
Sources: cvelistv5, nvd

CVE-2024-29220 | MEDIUM | CVSS 6.1 | prior to 3.8.1 | 2024-04-11
CWE-79: Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is accessing the website using the product.
Sources: cvelistv5, nvd

CVE-2024-26019 | MEDIUM | CVSS 5.4 | prior to 3.8.1 | 2024-04-11
CWE-79: Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who is accessing the website using the product.
Sources: cvelistv5, nvd

CVE-2021-34648 | MEDIUM | CVSS 4.3 | ≥ 3.5.7, ≤ 3.5.7 | 2021-09-22
CWE-863: The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which
Sources: cvelistv5, nvd

CVE-2021-34647 | MEDIUM | CVSS 6.5 | ≥ 3.5.7, ≤ 3.5.7 | 2021-09-22
CWE-863: The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which c
Sources: cvelistv5, nvd