CVE-2024-39628 — Cross-Site Request Forgery in Ninja Forms

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

CNA5.4

EPSS

0.1%

top 67.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ninjaforms Ninja Forms Saturday Drive Ninja Forms

Timeline

PublishedAug 26

Description

Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5saturday_drive/ninja_formsn/a — 3.8.6

▶NVDninjaforms/ninja_forms< 3.8.7

🔴Vulnerability Details

CVEList

WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability↗2024-08-26

▶

GHSA

GHSA-pc8g-cqpp-27hp: Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms↗2024-08-26

▶