4 matches found
CVE-2023-38393
CVE-2023-38393 is a vulnerability in WordPress Ninja Forms plugin versions ≤ 3.6.25, described as Missing Authorization / Broken Access Control. The issue permits a user with Subscriber/Contributor roles to perform an unauthorized action (export of all Ninja Forms submissions) due to a broken acc...
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below,...
WordPress Ninja Forms Contact Form Plugin < 3.6.26 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ninjaforms:contactform"; ifdescription...
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Broken Access Control
Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38393 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 44e08fdf7aed Credits Rafie Muhammad Patchstack...