Vulnerabilites related to kstover - Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
cve-2024-0685
Vulnerability from cvelistv5
Published
2024-02-02 04:32
Modified
2024-08-01 18:11
Severity ?
EPSS score ?
Summary
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kstover | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress |
Version: * ≤ 3.7.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T14:45:51.836495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:23.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://sec.stealthcopter.com/ninja-contact-forms/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
"vendor": "kstover",
"versions": [
{
"lessThanOrEqual": "3.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T21:25:50.189Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php"
},
{
"url": "https://sec.stealthcopter.com/ninja-contact-forms/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-01T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0685",
"datePublished": "2024-02-02T04:32:34.919Z",
"dateReserved": "2024-01-18T14:29:14.852Z",
"dateUpdated": "2024-08-01T18:11:35.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2113
Vulnerability from cvelistv5
Published
2024-03-29 06:43
Modified
2024-08-01 19:03
Severity ?
EPSS score ?
Summary
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form's submission to a publicly accessible location via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kstover | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress |
Version: * ≤ 3.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T13:48:12.104317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T13:48:50.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebfc9f5-abb7-47bc-bd38-f60df1cccb5d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3059780/ninja-forms/trunk/includes/Admin/CPT/DownloadAllSubmissions.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
"vendor": "kstover",
"versions": [
{
"lessThanOrEqual": "3.8.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Wei\u00dfhaar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form\u0027s submission to a publicly accessible location via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-29T06:43:58.122Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebfc9f5-abb7-47bc-bd38-f60df1cccb5d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3059780/ninja-forms/trunk/includes/Admin/CPT/DownloadAllSubmissions.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2113",
"datePublished": "2024-03-29T06:43:58.122Z",
"dateReserved": "2024-03-01T19:08:29.730Z",
"dateUpdated": "2024-08-01T19:03:39.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2108
Vulnerability from cvelistv5
Published
2024-03-29 06:44
Modified
2024-08-01 19:03
Severity ?
EPSS score ?
Summary
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kstover | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress |
Version: * ≤ 3.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-29T13:46:18.898240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:56.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a6eb430-cf86-4e13-a4f7-173fada9fddf?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3059780/ninja-forms/tags/3.8.1/includes/Fields/ListImage.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
"vendor": "kstover",
"versions": [
{
"lessThanOrEqual": "3.8.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Coen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-29T06:44:00.618Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a6eb430-cf86-4e13-a4f7-173fada9fddf?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3059780/ninja-forms/tags/3.8.1/includes/Fields/ListImage.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-28T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2108",
"datePublished": "2024-03-29T06:44:00.618Z",
"dateReserved": "2024-03-01T18:34:17.648Z",
"dateUpdated": "2024-08-01T19:03:39.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}