CVE-2023-36505 — Improper Input Validation in Ninja Forms

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.2HIGHNVD

CNA6.8

EPSS

0.4%

top 39.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ninjaforms Ninja Forms Saturday Drive Ninja Forms Contact Form

Timeline

PublishedApr 17

Description

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5saturday_drive/ninja_forms_contact_formn/a — 3.6.24

▶NVDninjaforms/ninja_forms< 3.6.25

🔴Vulnerability Details

CVEList

WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion↗2024-04-17

▶

GHSA

GHSA-v6h9-wr28-4v3c: Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form↗2024-04-17

▶