CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score Confidence: High
EPSS Percentile: 15.5%
WordPress Plugin “Ninja Forms” provided by Saturday Drive contains multiple vulnerabilities listed below.
Cross-site request forgery (CWE-352), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, Base Score 4.3, CVE-2024-25572
Stored cross-site scripting in submit processing (CWE-79), CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, Base Score 5.4, CVE-2024-26019
Stored cross-site scripting in custom fields for labels (CWE-79), CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, Base Score 5.4, CVE-2024-29220
Update the Software
Update the software to the latest version according to the information provided by the developer.
CVE-2024-25572: Ninja Forms versions prior to 3.4.31
CVE-2024-26019, CVE-2024-29220: Ninja Forms versions prior to 3.8.1
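To check an installed copy against the fix versions above, the following added example (not code from the advisory or from the plugin's developer) reads the `Version:` field of a WordPress plugin header and reports which of the three CVEs are still unpatched. The function names and the sample header are constructed for illustration; the comparison is numeric per component, because a plain string comparison would rank 3.4.4 above 3.4.31 and miss CVE-2024-25572.

```python
import re

# Fix versions from the advisory: each CVE affects versions prior to the one listed.
FIXED_IN = {
    "CVE-2024-25572": "3.4.31",
    "CVE-2024-26019": "3.8.1",
    "CVE-2024-29220": "3.8.1",
}

# Constructed sample of a plugin header, not copied from a real installation.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Ninja Forms
Version: 3.4.4
*/
"""

def header_version(php_source):
    """Return the value of the 'Version:' field in a WordPress plugin header."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source, re.M | re.I)
    if not m:
        raise ValueError("no Version: field found in plugin header")
    return m.group(1)

def parse_version(text):
    """Turn '3.4.31' into (3, 4, 31); pad short versions so '3.8' equals '3.8.0'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def unpatched_cves(installed):
    """List the advisory's CVEs whose fix version is newer than `installed`."""
    have = parse_version(installed)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if have < parse_version(fixed))

if __name__ == "__main__":
    version = header_version(SAMPLE_HEADER)
    print(version, "->", unpatched_cves(version) or "no listed CVEs apply")
```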