Ninja Forms — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in Ninja Forms, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of security vulnerabilities and weaknesses associated with the Ninja Forms plugin, categorized by specific Common Weakness Enumeration (CWE) tags. It collects and indexes known security issues affecting this WordPress extension, covering advisory data released from its inception through recent updates to ensure a complete historical record of its security posture. Users can utilize this resource to track vendor security advisories, understand the specific technical characteristics of each weakness class, and look up a product's vulnerability history to assess risk exposure over time. By centralizing this information, the page facilitates deeper analysis for security researchers, developers, and administrators who need to evaluate the integrity of their WordPress environments. The data includes details on how these vulnerabilities manifest, their potential impact on site confidentiality, integrity, and availability, and the contexts in which they are exploitable. This structured approach allows for efficient identification of patterns in defect types and helps in prioritizing remediation efforts based on the severity and prevalence of the flaws found within the Ninja Forms codebase. It serves as a critical reference point for understanding the evolution of security practices within the project and for comparing its risk profile against other popular WordPress plugins.

Vendor: Saturday Drive

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-14072 | Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure | | 5.3 | - | 2026-01-02 |
| CVE-2025-9083 | Ninja-forms < 3.11.1 - Unauthenticated PHP Objection | | 9.8 (AI) | Critical (AI) | 2025-09-18 |
| CVE-2025-2561 | Ninja Forms < 3.10.1 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-19 |
| CVE-2025-2524 | Ninja Forms < 3.10.1 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-19 |
| CVE-2025-2560 | Ninja Forms < 3.10.1 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-19 |
| CVE-2024-50515 | WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.9 | Medium | 2024-11-19 |
| CVE-2024-50514 | WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.9 | Medium | 2024-11-19 |
| CVE-2024-43999 | WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.9 | Medium | 2024-09-17 |
| CVE-2024-7354 | Ninja Forms 3.8.6-3.8.10 - Reflected XSS | | 6.1 (AI) | Medium (AI) | 2024-09-02 |
| CVE-2024-39628 | WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability | CWE-352 | 5.4 | Medium | 2024-08-26 |
| CVE-2024-37934 | WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability | CWE-94 | 5.4 | Medium | 2024-07-09 |
| CVE-2023-38393 | WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability | CWE-862 | 7.6 | High | 2024-06-19 |
| CVE-2023-38386 | WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability | CWE-862 | 7.6 | High | 2024-06-19 |
| CVE-2024-25572 | WordPress Plugin Ninja Forms Contact Form security vulnerability | | 8.8 (AI) | High (AI) | 2024-04-11 |
| CVE-2024-26019 | WordPress Plugin Ninja Forms Contact Form security vulnerability | | 6.1 (AI) | Medium (AI) | 2024-04-11 |
| CVE-2024-29220 | WordPress plugin Ninja Forms security vulnerability | | 5.4 (AI) | Medium (AI) | 2024-04-11 |
| CVE-2021-34647 | Ninja Forms <= 3.5.7 Sensitive Information Disclosure | CWE-863 | 6.5 | Medium | 2021-09-22 |
| CVE-2021-34648 | Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection | CWE-863 | 6.4 | Medium | 2021-09-22 |

All 18 known CVE vulnerabilities affecting Ninja Forms with full Chinese analysis, references, and POCs where available.