Lucene search
PatchstackVULNRICHMENT:CVE-2023-36505HistoryApr 17, 2024 - 9:09 a.m.
CVE-2023-36505 WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion
2024-04-1709:09:33
CWE-20
Patchstack
github.com
1
cve-2023-36505
input validation
arbitrary file deletion
saturday drive ninja forms contact form
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins/ninja-forms/",
"defaultStatus": "unaffected",
"packageName": "ninja-forms",
"product": "Ninja Forms Contact Form ",
"vendor": "Saturday Drive",
"versions": [
{
"changes": [
{
"at": "3.6.25",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.24",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-36505
2024-04-17 09:15:07
cve
cve
CVE-2023-36505
2024-04-17 09:15:07
wpvulndb
wpvulndb
Ninja Forms < 3.6.25 - Admin+ Arbitrary File Deletion
2023-06-22 00:00:00
cvelist
cvelist
wordfence
wordfence
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2023-36505