Lucene search
HistoryApr 11, 2024 - 3:15 a.m.
CVE-2024-25572
cross-site request forgery
vulnerability
ninja forms
unintended operations
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
15.5%
Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.
Related
cvelist
cvelist
CVE-2024-25572
2024-04-11 02:29:38
cve
cve
CVE-2024-25572
2024-04-11 03:15:09
vulnrichment
vulnrichment
CVE-2024-25572
2024-04-11 02:29:38
jvn
jvn
JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
2024-04-08 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
15.5%
Related for NVD:CVE-2024-25572