Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562310126158HistorySep 28, 2022 - 12:00 a.m.
WordPress Ninja Forms Plugin < 3.6.13 Insecure Deserialization Vulnerability
2022-09-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
6
wordpress
ninja forms
insecure deserialization
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.9%
The WordPress plugin Ninja Forms is prone to an insecure
deserialization vulnerability.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ninjaforms:contact_form";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126158");
script_version("2024-06-27T05:05:29+0000");
script_tag(name:"last_modification", value:"2024-06-27 05:05:29 +0000 (Thu, 27 Jun 2024)");
script_tag(name:"creation_date", value:"2022-09-28 08:03:02 +0000 (Wed, 28 Sep 2022)");
script_tag(name:"cvss_base", value:"8.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:M/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-09-28 17:34:00 +0000 (Wed, 28 Sep 2022)");
script_cve_id("CVE-2022-2903");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WordPress Ninja Forms Plugin < 3.6.13 Insecure Deserialization Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_wordpress_plugin_http_detect.nasl");
script_mandatory_keys("wordpress/plugin/ninja-forms/detected");
script_tag(name:"summary", value:"The WordPress plugin Ninja Forms is prone to an insecure
deserialization vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The plugin unserialises the content of an imported file, which
could lead to PHP object injections issues when an admin import a malicious file and a suitable
gadget chain is present on the blog.");
script_tag(name:"affected", value:"WordPress Ninja Forms plugin prior to version 3.6.13.");
script_tag(name:"solution", value:"Update to version 3.6.13 or later.");
script_xref(name:"URL", value:"https://wpscan.com/vulnerability/255b98ba-5da9-4424-a7e9-c438d8905864");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if( version_is_less( version: version, test_version: "3.6.13" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "3.6.13", install_path: location );
security_message( data: report, port: port );
exit( 0 );
}
exit(99);
Related
patchstack
patchstack
nvd
nvd
CVE-2022-2903
2022-09-26 13:15:10
prion
prion
Design/Logic Flaw
2022-09-26 13:15:00
wpexploit
wpexploit
NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
2022-09-05 00:00:00
wpvulndb
wpvulndb
NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
2022-09-05 00:00:00
cvelist
cvelist
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
2022-09-26 12:35:34
cve
cve
CVE-2022-2903
2022-09-26 13:15:10
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.9%
Related for OPENVAS:1361412562310126158