Lucene search
K

CVE-2022-2903

🗓️ 26 Sep 2022 12:35:34Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 69 Views🌐 WEB

The Ninja Forms Contact Form WordPress plugin before 3.6.13 allows PHP object injections via unserialized content in imported files

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
Circl
CVE-2022-2903
26 Sep 202216:21
circl
CNNVD
WordPress plugin Ninja Forms Contact Form 代码问题漏洞
26 Sep 202200:00
cnnvd
Cvelist
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
26 Sep 202212:35
cvelist
EUVD
EUVD-2022-35131
3 Oct 202520:07
euvd
NVD
CVE-2022-2903
26 Sep 202213:15
nvd
OpenVAS
WordPress Ninja Forms Plugin < 3.6.13 Insecure Deserialization Vulnerability
28 Sep 202200:00
openvas
OSV
CVE-2022-2903
26 Sep 202213:15
osv
Patchstack
WordPress NinjaForms plugin <= 3.6.12 - Authenticated PHP Objection Injection vulnerability
5 Sep 202200:00
patchstack
Prion
Design/Logic Flaw
26 Sep 202213:15
prion
RedhatCVE
CVE-2022-2903
22 May 202522:44
redhatcve
Rows per page
NVD
Vulners
Node
ninjaformsninja_formsRange<3.6.13wordpress
[
  {
    "product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.6.13",
        "status": "affected",
        "version": "3.6.13",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
nf_import_fieldsrequest body/wp-admin/admin.php?page=nf-import-export&tab=favorite_fieldsPHP object injection via unserialisation during import of a crafted file in Ninja Forms plugin prior to 3.6.13CWE-502
nf_import_securityrequest body/wp-admin/admin.php?page=nf-import-export&tab=favorite_fieldsPHP object injection via unserialisation during import of a crafted file in Ninja Forms plugin prior to 3.6.13CWE-502

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:42Current
7High risk
Vulners AI Score7
CVSS 3.17.2
EPSS0.01091
SSVC
69