7.2
CVE-2023-36505
- EPSS 0.6%
- Veröffentlicht 17.04.2024 09:15:07
- Zuletzt bearbeitet 28.04.2026 19:20:51
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion
Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
Mögliche Gegenmaßnahme
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 3.6.25, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version < 3.6.25
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
*-3.6.24
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.44 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-plugin-3-6-24-arbitrary-file-deletion-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/e97479b1-06a0-4e24-9d2b-005bdfec9eaf