Ninja Forms CSRF Vulnerability Affects Versions from n/a to 3.8.6
CVE-2024-39628

8.8HIGH

Key Information:

Vendor: WordPress
Status: Ninja Forms
Vendor: CVE Published:; 26 August 2024

What is CVE-2024-39628?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Ninja Forms, a popular WordPress plugin developed by Saturday Drive. This vulnerability permits attackers to perform unauthorized actions on behalf of authenticated users, potentially compromising the integrity of affected WordPress sites. The weakness is present in all versions of Ninja Forms from n/a up to 3.8.6, making it imperative for users and administrators to apply necessary updates and implement security best practices to mitigate potential threats.

Affected Version(s)

Ninja Forms <= 3.8.6

References

https://patchstack.com/database/vulnerability/ninja-forms...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2024

Credit

Rafie Muhammad (Patchstack)