CVE-2023-35909 — Uncontrolled Resource Consumption in Ninja Forms

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 43.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ninjaforms Ninja Forms Saturday Drive Ninja Forms Contact Form THE Drag AND Drop Form Builder FOR Wordpress

Timeline

PublishedDec 7

Description

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5saturday_drive/ninja_forms_contact_form_the_drag_and_drop_form_builder_for_wordpressn/a — 3.6.25

▶NVDninjaforms/ninja_forms< 3.6.26

🔴Vulnerability Details

GHSA

GHSA-m439-4cf8-qgfv: Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to D↗2023-12-07

▶

CVEList

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack↗2023-12-07

▶