WordPress Ninja Forms 漏洞列表

共找到 2 个与 WordPress Ninja Forms 相关的漏洞

📅 加载漏洞趋势中...

CVE-2018-19287: WordPress Ninja Forms <3.3.18 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: WordPress Ninja Forms

WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.
CVE-2021-24165: WordPress Ninja Forms <3.4.34 - Open Redirect POC

日期: 2025-08-01 | 影响软件: WordPress Ninja Forms

WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.