Ninja Forms – The Contact Form Builder That Grows With You — Vulnerabilities & Security Advisories (13)

All 13 CVE vulnerabilities found in Ninja Forms – The Contact Form Builder That Grows With You, with AI-generated Chinese analysis, references, and POCs.

Vendor: kstover

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-1307 | Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token | CWE-200 | 6.5 | Medium | 2026-03-28 |
| CVE-2026-2268 | Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action | CWE-200 | 7.5 | High | 2026-02-10 |
| CVE-2025-11924 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token | CWE-639 | 7.5 | High | 2025-12-17 |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion | CWE-352 | 4.3 | Medium | 2025-09-27 |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update | CWE-352 | 4.3 | Medium | 2025-09-27 |
| CVE-2025-5398 | Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI | CWE-79 | 6.4 | Medium | 2025-06-27 |
| CVE-2024-13470 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2025-01-30 |
| CVE-2024-12238 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | CWE-94 | 6.3 | Medium | 2024-12-29 |
| CVE-2024-11052 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations | CWE-79 | 7.2 | High | 2024-12-12 |
| CVE-2024-3866 | Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer | CWE-79 | 4.7 | Medium | 2024-09-25 |
| CVE-2024-2108 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting | CWE-79 | 4.6 | Medium | 2024-03-29 |
| CVE-2024-2113 | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export | CWE-352 | 4.3 | Medium | 2024-03-29 |
| CVE-2024-0685 | Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection | CWE-89 | 5.9 | Medium | 2024-02-02 |

All 13 known CVE vulnerabilities affecting Ninja Forms – The Contact Form Builder That Grows With You with full Chinese analysis, references, and POCs where available.