Is "Ninja Forms" safe?

Ninja Forms: Plugin Details

---

Type:	Plugin
Author:	The WP Ninjas
URL:	https://wordpress.org/plugins/ninja-forms/
Latest Version:	3.4.34

 

Ninja Forms: Security Information

---

Insecure versions:	Up To 3.4.33
Known since:	2021-02-18 13:56:39

Insecure versions:	Up To 3.4.33
Known since:	2021-02-18 13:56:07

Insecure versions:	Up To 3.4.33
Known since:	2021-02-18 13:56:07

Insecure versions:	Up To 3.4.33
Known since:	2021-02-17 15:29:50

Insecure versions:	Up To 3.4.27.1
Known since:	2021-01-08 13:11:59

Insecure versions:	Up To 3.4.27
Known since:	2021-01-08 13:11:32

Insecure versions:	Up To 3.4.27
Known since:	2020-10-09 13:25:38
Description:	The plugin is affected by a Cross-Site Request Forgery (CSRF) which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository.

Insecure versions:	Up To 2.8.9
Known since:	2020-05-01 00:28:33
Description:	Ninja Forms - Unspecified Issue Affecting Admin Users

Insecure versions:	Up To 2.8.8
Known since:	2020-05-01 00:25:47
Description:	Ninja Forms - Stored & Reflected XSS

Insecure versions:	Up To 2.8.6
Known since:	2020-05-01 00:22:34
Description:	Ninja Forms - Reflected Cross-Site Scripting (XSS)

Insecure versions:	Up To 2.9.21
Known since:	2020-05-01 00:17:44
Description:	Ninja Forms - Authenticated Reflected Cross-Site Scripting (XSS)

Insecure versions:	Up To 3.3.17
Known since:	2020-04-30 23:58:21
Description:	Details: Ninja Forms - Unauthenticated Cross-Site Scripting (XSS)

Insecure versions:	Up To 3.3.21
Known since:	2020-04-30 23:56:33
Description:	Ninja Forms - XSS and SQLi

Insecure versions:	Up To 3.3.19
Known since:	2020-04-30 23:54:58
Description:	Authenticated Open Redirect

Insecure versions:	Up To 3.4.24.1
Known since:	2020-04-30 23:47:49
Description:	CSRF to XSS

Insecure versions:	Up To 3.3.21.1
Known since:	2020-02-20 16:42:41

Insecure versions:	Up To 3.3.8
Known since:	2020-02-20 16:36:27

Insecure versions:	Up To 3.1.9
Known since:	2020-02-20 16:34:51

Insecure versions:	Up To 3.0
Known since:	2020-02-20 16:34:11

Insecure versions:	Up To 3.4.2.11
Known since:	2020-02-20 16:33:32

Insecure versions:	Up To 3.3.21
Known since:	2019-06-21 17:50:46

Insecure versions:	Up To 3.3.19
Known since:	2018-12-05 17:37:12

Insecure versions:	Up To 3.3.17
Known since:	2018-11-16 17:41:40

Insecure versions:	Up To 3.3.13
Known since:	2018-09-03 16:10:51

Insecure versions:	Up To 3.3.13
Known since:	2018-09-03 16:10:37

Insecure versions:	Up To 3.2.13
Known since:	2018-02-23 02:02:16

Insecure versions:	Up To 2.9.55.1
Known since:	2016-08-17 14:27:20

Insecure versions:	Up To 2.9.51
Known since:	2016-07-21 02:01:33
Description:	https://sumofpwn.nl/advisory/2016/multiple_cross_site_scripting_vulnerabilities_in_ninja_forms_wordpress_plugin.html

Insecure versions:	Up To 2.9.42
Known since:	2016-05-05 13:35:29

Insecure versions:	Up To 2.9.27
Known since:	2015-11-11 19:23:24

Insecure versions:	Up To 2.9.18
Known since:	2015-09-13 21:26:50

Insecure versions:	Up To 2.9.10
Known since:	2015-04-21 03:00:45
Description:	Ninja Forms - XSS Vulnerability

 

Ninja Forms: Safety Recommendations

---

We have rated Ninja Forms as Unsafe which means that all versions of the plugin have vulnerabilities.

We recommend that until an update is released do not use Ninja Forms.

Ninja Forms: Keeping Safe

---

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

• Automated Backups
  Full backup of your entire site with unlimited storage space.
• Restores & Migrations
  Restore or migrate your site from a backup with one click.
• Security Scanning
  Regular, automated scans of your site for malware, threats, and hacks.
• Expert Support
  Fast, priority support for any WordPress security issue.

Choose Your Plan