CVE-2024-37934

CWE-94 — Code Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.1%

top 22.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ninjaforms Ninja Forms Saturday Drive Ninja Forms

Timeline

PublishedJul 9

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5saturday_drive/ninja_formsn/a — 3.8.4

▶NVDninjaforms/ninja_forms< 3.8.5

🔴Vulnerability Details

GHSA

GHSA-6qqq-c4rv-g79r: Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection↗2024-07-09

▶

CVEList

WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability↗2024-07-09

▶