Lucene search
PatchstackCVELIST:CVE-2023-36505HistoryApr 17, 2024 - 9:09 a.m.
CVE-2023-36505 WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion
2024-04-1709:09:33
CWE-20
Patchstack
www.cve.org
wordpress
ninja forms
3.6.24
arbitrary file deletion
input validation
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
9.1%
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins/ninja-forms/",
"defaultStatus": "unaffected",
"packageName": "ninja-forms",
"product": "Ninja Forms Contact Form ",
"vendor": "Saturday Drive",
"versions": [
{
"changes": [
{
"at": "3.6.25",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.24",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-36505
2024-04-17 09:15:07
cve
cve
CVE-2023-36505
2024-04-17 09:15:07
wpvulndb
wpvulndb
Ninja Forms < 3.6.25 - Admin+ Arbitrary File Deletion
2023-06-22 00:00:00
vulnrichment
vulnrichment
wordfence
wordfence
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2023-36505