CVE-2023-35909
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.
Vulnerabilidad de consumo de recursos incontrolado en Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder para WordPress que conduce a DoS. Este problema afecta a Ninja Forms Contact Form – The Drag and Drop Form Builder para WordPress: desde n/a hasta 3.6.25.
The Ninja Forms plugin for WordPress is vulnerable to denial of service in versions up to, and including, 3.6.25. This is due to insufficient controls on form submissions. This makes it possible for unauthenticated attackers to craft form submissions with excessive extra data that may exceed the capacity of the database and prevent further requests from being successful while the submission is processing.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-06-20 CVE Reserved
- 2023-07-07 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability?_s_id=cve | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ninjaforms Search vendor "Ninjaforms" | Ninja Forms Search vendor "Ninjaforms" for product "Ninja Forms" | < 3.6.26 Search vendor "Ninjaforms" for product "Ninja Forms" and version " < 3.6.26" | wordpress |
Affected
|