7.2
CVE-2023-36505
- EPSS 0.39%
- Veröffentlicht 17.04.2024 09:15:07
- Zuletzt bearbeitet 15.04.2025 19:58:20
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginNinja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
Mögliche Gegenmaßnahme
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 3.6.25, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
*-3.6.24
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version < 3.6.25
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.596 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.