Ninja Forms Contact Form Vulnerabilities
The Ninja Forms Contact Form WordPress plugin has 5 known security vulnerabilities, including 1 critical. The most recent was disclosed on June 15, 2022. Check whether your site runs an affected version below.
View Ninja Forms Contact Form on WordPress.orgSummary
Latest vulnerability disclosed on June 15, 2022.
Recommendation
WPSentry recommends extreme caution
Only run Ninja Forms Contact Form if it is updated to the latest patched release. This plugin has a history of 1 critical, potentially exploitable vulnerability. If you already use it, update immediately — or consider a safer alternative.
Is your site affected?
Run a free external scan to detect Ninja Forms Contact Form and 35+ other WordPress security checks — no login or plugin required.
Known Ninja Forms Contact Form vulnerabilities
- critical
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection
Affected versions: <=3.0.34.1Disclosed June 15, 2022 - high
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.9 - Cross-Site Request Forgery to Field Import and PHP Object Injection
Affected versions: <=3.6.9Disclosed June 7, 2022 - high
Ninja Forms Contact Form <= 2.9.55.1 - Authenticated SQL Injection
Affected versions: <2.9.55.2Disclosed August 16, 2016 - high
Ninja Forms Contact Form <= 2.9.28 - Stored Cross-Site Scripting
Affected versions: <=2.9.28Disclosed December 8, 2015 - high
Ninja Forms Contact Form <= 2.9.27 - CSV Injection
Affected versions: <=2.9.27Disclosed September 30, 2015
How to stay protected
Update promptly
Keep Ninja Forms Contact Form on its latest release — most vulnerabilities are fixed in newer versions.
Scan regularly
Run an external scan after every update to catch outdated or vulnerable software early.
Monitor continuously
Enable monitoring to get alerted the moment a new issue affects your stack.