Detections
Analytics
Ninja Forms Plugin for WordPress < 3.6.26 Multiple Vulnerabilities
high Web App Scanning Plugin ID 113986
Language:
Synopsis
Ninja Forms Plugin for WordPress < 3.6.26 Multiple VulnerabilitiesDescription
The WordPress Ninja Forms Plugin installed on the remote host is affected by multiple vulnerabilities.Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Ninja Forms Plugin for WordPress 3.6.26 or latest.See Also
https://patchstack.com/articles/multiple-high-severity-vulnerabilities-in-ninja-forms-plugin/
Plugin Details
Severity: High
ID: 113986
Type: remote
Family: Component Vulnerability
Published: 8/7/2023
Updated: 8/9/2023
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2023-37979
CVSS v3
Risk Factor: High
Base Score: 7.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CVSS Score Source: CVE-2023-38386
Vulnerability Information
CPE: cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/27/2023
Vulnerability Publication Date: 7/27/2023
Reference Information
CVE: CVE-2023-37979, CVE-2023-38386, CVE-2023-38393
OWASP: 2010-A2, 2010-A8, 2013-A3, 2013-A7, 2013-A9, 2017-A5, 2017-A7, 2017-A9, 2021-A1, 2021-A3, 2021-A6
WASC: Cross-Site Scripting, Insufficient Authorization
CAPEC: 209, 588, 591, 592, 63, 85
DISA STIG: APSC-DV-000460, APSC-DV-002490, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3, sp800_53-CM-6b, sp800_53-SI-10
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.3.3