Lucene search

PatchstackCVELIST:CVE-2023-35909

HistoryDec 07, 2023 - 11:15 a.m.

CVE-2023-35909 WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack

2023-12-0711:15:26

CWE-400

Patchstack

www.cve.org

denial of service

uncontrolled resource consumption

wordpress plugin

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ninja-forms",
    "product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
    "vendor": "Saturday Drive",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6.26",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.25",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-35909