7.2
CVE-2022-2903
- EPSS 0.78%
- Veröffentlicht 26.09.2022 13:15:10
- Zuletzt bearbeitet 21.05.2025 20:15:28
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginNinja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Mögliche Gegenmaßnahme
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 3.6.13, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
*-3.6.12
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version < 3.6.13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.734 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.