CVE-2023-35909 WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack

🗓️ 07 Dec 2023 11:15:26Reported by PatchstackType

Uncontrolled Resource Consumption in WordPress Ninja Forms Plugin v3.6.2

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-35909	17 Nov 202403:13	–	circl
CNNVD	WordPress Plugin Ninja Forms Contact Form Resource Management Error Vulnerability	7 Dec 202300:00	–	cnnvd
CVE	CVE-2023-35909	7 Dec 202311:15	–	cve
EUVD	EUVD-2023-39900	3 Oct 202520:07	–	euvd
NVD	CVE-2023-35909	7 Dec 202312:15	–	nvd
OpenVAS	WordPress Ninja Forms Contact Form Plugin < 3.6.26 Multiple Vulnerabilities	31 Aug 202300:00	–	openvas
OSV	CVE-2023-35909	7 Dec 202312:15	–	osv
Patchstack	WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack	7 Jul 202300:00	–	patchstack
Prion	Denial of service	7 Dec 202312:15	–	prion
RedhatCVE	CVE-2023-35909	23 May 202505:35	–	redhatcve

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ninja-forms",
    "product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
    "vendor": "Saturday Drive",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6.26",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.25",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability

28 Apr 2026 16:08Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3

EPSS0.0033

CWE-400