Ninja forms
This hub aggregates every CVE we track for Ninja forms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
28
CVEs tracked
3
Critical
5
High
0
In CISA KEV
Severity distribution
MEDIUM20HIGH5CRITICAL3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Ninja forms.
- CVE-2025-9083Ninja-forms < 3.11.1 - Unauthenticated PHP Objection9.8
- CVE-2023-5530Ninja Forms < 3.6.34 - Admin+ Stored XSS4.8
- CVE-2023-1835Ninja Forms < 3.6.22 - Reflected XSS6.1
- CVE-2021-25066Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import4.8
- CVE-2021-25056Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting4.8
- CVE-2021-36827WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability4.8
- CVE-2021-24889Ninja Forms < 3.6.4 - Admin+ SQL Injection7.2
- CVE-2021-34647Ninja Forms <= 3.5.7 Sensitive Information Disclosure6.5
- CVE-2021-34648Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection6.4
- CVE-2021-24166Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection5.4
- CVE-2021-24164Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure4.3
- CVE-2021-24165Ninja Forms < 3.4.34 - Administrator Open Redirect6.1
- CVE-2021-24163Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure8.8
- CVE-2020-36173The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.5.3
- CVE-2020-36175The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.5.3
Product normalization is registry-driven with AI assist and human review. How it works