Filtered by vendor Ninjateam
Total: 44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24591 | 1 Ninjateam | 1 Gdpr Ccpa Compliance & Cookie Consent Banner | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1. | ||||
| CVE-2024-53825 | 1 Ninjateam | 1 Filebird | 2026-04-01 | 7.2 High |
| Missing Authorization vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through <= 6.3.2. | ||||
| CVE-2024-49281 | 1 Ninjateam | 1 Click To Chat | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through <= 2.3.3. | ||||
| CVE-2024-47331 | 1 Ninjateam | 2 Multi Step For Contact Form, Multi Step For Contact Form 7 | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection. This issue affects Multi Step for Contact Form: from n/a through <= 2.7.7. | ||||
| CVE-2025-66134 | 2 Ninjateam, Wordpress | 2 Filebird, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FileBird Pro: from n/a through <= 6.5.1. | ||||
| CVE-2025-68073 | 2 Ninjateam, Wordpress | 2 Gpdr Ccpa Compliance Support, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4. | ||||
| CVE-2026-0604 | 2 Ninjateam, Wordpress | 2 Fastdup, Wordpress | 2026-01-08 | 6.5 Medium |
| The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dir_path' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary directories on the server, which can contain sensitive information. | ||||
| CVE-2023-6592 | 1 Ninjateam | 1 Fastdup | 2025-06-20 | 5.3 Medium |
| The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files. | ||||
| CVE-2023-51406 | 1 Ninjateam | 1 Fastdup | 2025-06-17 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator. This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | ||||
| CVE-2023-4861 | 1 Ninjateam | 1 Filester | 2025-04-23 | 7.2 High |
| The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. | ||||
| CVE-2023-4827 | 1 Ninjateam | 1 Filester | 2025-04-23 | 8.8 High |
| The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. | ||||
| CVE-2024-35166 | 1 Ninjateam | 1 Filebird | 2025-04-15 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3. | ||||
| CVE-2023-25966 | 1 Ninjateam | 1 Filebird | 2025-04-15 | 5.5 Medium |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 5.1.4. | ||||
| CVE-2024-2837 | 1 Ninjateam | 1 Wp Chat App | 2025-04-14 | 5.4 Medium |
| The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2024-7031 | 1 Ninjateam | 1 Filester | 2025-04-10 | 7.5 High |
| The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role that has been granted permissions by an Administrator, to update the plugin settings for user role restrictions, including allowing file types such as .php to be uploaded. | ||||
| CVE-2024-4664 | 1 Ninjateam | 1 Wp Chat App | 2024-11-21 | 4.8 Medium |
| The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2023-51370 | 1 Ninjateam | 1 Wp Chat App | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4. | ||||
| CVE-2023-4862 | 1 Ninjateam | 1 Filester | 2024-11-21 | 4.8 Medium |
| The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. | ||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2024-11-21 | 4.8 Medium |
| The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2021-24385 | 1 Ninjateam | 1 Filebird | 2024-11-21 | 9.8 Critical |
| The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user. | ||||