Kstover Ninja Forms – The Contact Form Builder That Grows With You
13 CVEs affecting Kstover Ninja Forms – The Contact Form Builder That Grows With You. Latest disclosed: 2026-03-28. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2268 | High | 7.5 | 2026-02-10 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe ap… |
CVE-2025-11924 | High | 7.5 | 2025-12-17 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and in… |
CVE-2024-11052 | High | 7.2 | 2024-12-12 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter… |
CVE-2026-1307 | Medium | 6.5 | 2026-03-28 | The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and… |
CVE-2025-5398 | Medium | 6.4 | 2025-06-27 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating en… |
CVE-2024-13470 | Medium | 6.4 | 2025-01-30 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in… |
CVE-2024-12238 | Medium | 6.3 | 2024-12-29 | The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, a… |
CVE-2024-0685 | Medium | 5.9 | 2024-02-02 | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email addr… |
CVE-2024-3866 | Medium | 4.7 | 2024-09-25 | The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, an… |
CVE-2024-2108 | Medium | 4.6 | 2024-03-29 | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image titl… |
CVE-2025-10498 | Medium | 4.3 | 2025-09-27 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and includin… |
CVE-2025-10499 | Medium | 4.3 | 2025-09-27 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl… |
CVE-2024-2113 | Medium | 4.3 | 2024-03-29 | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |