Ninja Forms – The Easy and Powerful Forms Builder - Version 3.3.21.3

Version Description

= 3.3.21.3 (10 January 2019) =

Security:

  • (2.9x) Duplicated previous blind SQL injection patch for our deprecated 2.9x codebase. Many thanks to Plugin Vulnerabilities for reporting that our initial pass missed this.


Release Info

Developer krmoorhouse
Version 3.3.21.3

Code changes from version 3.3.21.2 to 3.3.21.3

deprecated/classes/subs-cpt.php CHANGED
@@ -593,6 +593,7 @@ class NF_Subs_CPT {
593
 
594
  foreach ($keywords as $word) {
595
 
 
596
  $query .= " (mypm1.meta_value LIKE '%{$word}%') OR ";
597
  }
598
 
593
 
594
  foreach ($keywords as $word) {
595
 
596
+ $wpdb->escape_by_ref( $word );
597
  $query .= " (mypm1.meta_value LIKE '%{$word}%') OR ";
598
  }
599
 
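Review bot: At new line 596, `$wpdb->escape_by_ref( $word )` escapes the value for the quoted string literal only, and the next line still interpolates it into `LIKE '%{$word}%'`, so `%` and `_` in a search keyword keep acting as wildcards and the query is still assembled by concatenation. Suggest running each keyword through `$wpdb->esc_like()` and binding the finished pattern with `$wpdb->prepare()` and a `%s` placeholder rather than escaping in place. The visible context does not show where `$wpdb` comes into scope in this method, so confirm a `global $wpdb;` precedes the loop, and add a one-line comment saying this mirrors the 3.3.21.2 search filter fix so the two code paths stay in step.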
deprecated/ninja-forms.php CHANGED
@@ -265,7 +265,7 @@ class Ninja_Forms {
265
 
266
  // Plugin version
267
  if ( ! defined( 'NF_PLUGIN_VERSION' ) )
268
- define( 'NF_PLUGIN_VERSION', '3.3.21.2' );
269
 
270
  // Plugin Folder Path
271
  if ( ! defined( 'NF_PLUGIN_DIR' ) )
265
 
266
  // Plugin version
267
  if ( ! defined( 'NF_PLUGIN_VERSION' ) )
268
+ define( 'NF_PLUGIN_VERSION', '3.3.21.3' );
269
 
270
  // Plugin Folder Path
271
  if ( ! defined( 'NF_PLUGIN_DIR' ) )
ninja-forms.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Ninja Forms
4
  Plugin URI: http://ninjaforms.com/
5
  Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
6
- Version: 3.3.21.2
7
  Author: The WP Ninjas
8
  Author URI: http://ninjaforms.com
9
  Text Domain: ninja-forms
@@ -57,7 +57,7 @@ if( get_option( 'ninja_forms_load_deprecated', FALSE ) && ! ( isset( $_POST[ 'nf
57
  /**
58
  * @since 3.0
59
  */
60
- const VERSION = '3.3.21.2';
61
 
62
  const WP_MIN_VERSION = '4.8';
63
 
3
  Plugin Name: Ninja Forms
4
  Plugin URI: http://ninjaforms.com/
5
  Description: Ninja Forms is a webform builder with unparalleled ease of use and features.
6
+ Version: 3.3.21.3
7
  Author: The WP Ninjas
8
  Author URI: http://ninjaforms.com
9
  Text Domain: ninja-forms
57
  /**
58
  * @since 3.0
59
  */
60
+ const VERSION = '3.3.21.3';
61
 
62
  const WP_MIN_VERSION = '4.8';
63
 
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: wpninjasllc, kstover, jameslaws, kbjohnson90, klhall1987, krmoorho
3
  Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
4
  Requires at least: 4.8
5
  Tested up to: 5.0
6
- Stable tag: 3.3.21.2
7
  License: GPLv2 or later
8
 
9
  Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
@@ -111,14 +111,20 @@ For help and video tutorials, please visit our website: [Ninja Forms Documentati
111
 
112
  == Upgrade Notice ==
113
 
114
- = 3.3.21.2 (7 January 2019) =
115
 
116
  *Security:*
117
 
118
- * Patched a blind SQL injection vulnerability in the search filter on our submissions page. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.
119
 
120
  == Changelog ==
121
 
 
 
 
 
 
 
122
  = 3.3.21.2 (7 January 2019) =
123
 
124
  *Security:*
3
  Tags: form, forms, contact form, custom form, form builder, form creator, form manager, form creation, contact forms, custom forms, forms builder, forms creator, forms manager, forms creation, form administration,
4
  Requires at least: 4.8
5
  Tested up to: 5.0
6
+ Stable tag: 3.3.21.3
7
  License: GPLv2 or later
8
 
9
  Drag and drop fields in an intuitive UI to create contact forms, email subscription forms, order forms, payment forms, send emails and more!
111
 
112
  == Upgrade Notice ==
113
 
114
+ = 3.3.21.3 (10 January 2019) =
115
 
116
  *Security:*
117
 
118
+ * (2.9x) Duplicated previous blind SQL injection patch for our deprecated 2.9x codebase. Many thanks to Plugin Vulnerabilities for reporting that our initial pass missed this.
119
 
120
  == Changelog ==
121
 
122
+ = 3.3.21.3 (10 January 2019) =
123
+
124
+ *Security:*
125
+
126
+ * (2.9x) Duplicated previous blind SQL injection patch for our deprecated 2.9x codebase. Many thanks to Plugin Vulnerabilities for reporting that our initial pass missed this.
127
+
128
  = 3.3.21.2 (7 January 2019) =
129
 
130
  *Security:*
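Review bot: In the Upgrade Notice block, the 3.3.21.2 notice is deleted and replaced by a 3.3.21.3 notice that only mentions the deprecated 2.9x codebase, so someone updating from an older release no longer sees the submissions search filter fix described in the notice itself. Suggest wording the 3.3.21.3 notice so it says who is affected (sites running the deprecated 2.9x code) and that it completes the blind SQL injection fix from 3.3.21.2, rather than relying on the reader to scroll to the changelog entry below.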