CVE-2024-12238

6.3 MEDIUM

📋 TL;DR

Ninja Forms up to and including 3.8.22 exposes an action that passes a caller-supplied value to do_shortcode() without validating it. Any authenticated user, Subscriber role included, can therefore invoke any shortcode registered on the site, including those supplied by other plugins and the theme, with attributes of their choosing. The bug does not execute attacker-supplied PHP on its own; what it yields depends on what the installed shortcodes do, which is why it scores Medium. Every WordPress site running an affected version with at least one account the attacker controls is exposed.

💻 Affected Systems

Products:
  • Ninja Forms – The Contact Form Builder That Grows With You
Versions: All versions up to and including 3.8.22
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress site with the plugin active and one account the attacker controls (Subscriber or higher). On sites with open registration the attacker can create that account; with registration closed, only existing users can exploit it.

📦 What is this software?

Ninja Forms is a drag-and-drop form builder plugin for WordPress, distributed through wordpress.org. Site owners build contact, registration and similar forms in the admin panel and embed them in pages and posts with the [ninja_form] shortcode; the plugin handles its form submissions through WordPress's admin-ajax.php endpoint.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full site compromise if another installed plugin or theme registers a shortcode that, given attacker-chosen attributes, evaluates code, includes files, makes outbound requests or writes to the filesystem or database. Arbitrary-shortcode bugs are routinely chained with such shortcodes; on their own they do not run PHP.

🟠

Likely Case

Disclosure of content a Subscriber should not see (shortcodes that render private posts, user data or protected downloads), injection of attacker-controlled output into whatever the vulnerable action renders, and fingerprinting of installed plugins by probing which shortcode tags produce output.

🟢

If Mitigated

Limited impact where self-service registration is off, the user list is audited, the shortcodes registered by other plugins and the theme are benign, and shortcode execution inside AJAX and REST requests is logged.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs a valid login, but on sites with open registration (Settings > General > 'Anyone can register') the attacker can create the Subscriber account themselves. After that it is a single crafted request to the vulnerable action, so the absence of a public proof of concept offers little protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.23 or later

Vendor Changelog (the plugin's Development tab on wordpress.org): https://wordpress.org/plugins/ninja-forms/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Ninja Forms and click 'Update Now'.
4. Verify that the version now shown is 3.8.23 or higher.

🔧 Temporary Workarounds

Restrict User Registration

all

Untick 'Anyone can register' under Settings > General so attackers cannot create Subscriber accounts themselves. This does nothing about accounts that already exist, so also review the user list for Subscribers you do not recognise.

Remove Plugin

all

Temporarily deactivate the plugin until you can update. Deactivation alone is enough to close the hole, because WordPress does not load the code of inactive plugins; deleting it as well is optional and means re-creating form settings later. Note that every Ninja Forms form on the site stops working while the plugin is inactive.

🧯 If You Can't Patch

  • Close self-service registration, review the existing user list for Subscriber accounts you do not recognise, and disable or delete them; every remaining account is a potential entry point.
  • Audit which shortcodes other plugins and the theme register: the damage this bug can do is bounded by them. Remove or disable plugins whose shortcodes evaluate code, include files or render private data, since those are what an attacker would reach for.
  • Add a web application firewall rule that blocks POSTs to wp-admin/admin-ajax.php whose body contains shortcode syntax ([ followed by a tag name) from sessions that are not Editor or Administrator. A plugin-level WAF can see the WordPress user; a reverse-proxy WAF cannot tell roles apart and has to match on body content alone. Test against the site's own forms first, because Ninja Forms submissions also travel through admin-ajax.php.

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins > Installed Plugins and read the Ninja Forms version: 3.8.22 or lower is affected. Compare versions numerically, not as strings (3.8.9 is older than 3.8.22 and is vulnerable).

Check Version:

wp plugin list --name=ninja-forms --field=version

Verify Fix Applied:

Confirm Ninja Forms version is 3.8.23 or higher in WordPress admin panel.
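The version check above, as an added example for this page rather than Ninja Forms or WP-CLI code: a script for wp eval-file that reads the installed version through the WordPress plugin API, compares it with version_compare() so that 3.8.9 is not mistaken for a fixed release, and reports whether the copy is active. The main plugin file path ninja-forms/ninja-forms.php is an assumption (it matches the wordpress.org slug).

```php
<?php
/**
 * check-ninja-forms.php
 *
 * Run from the site root with:  wp eval-file check-ninja-forms.php
 * WP-CLI boots WordPress before evaluating the file, so the plugin API is available.
 *
 * Added example for this advisory; not part of Ninja Forms or WP-CLI.
 * Assumption: the plugin's main file is ninja-forms/ninja-forms.php (the wordpress.org slug).
 */

const NF_FIXED_VERSION = '3.8.23';                      // first release that is not affected
const NF_PLUGIN_FILE   = 'ninja-forms/ninja-forms.php'; // assumed plugin basename

/**
 * True when $installed is an affected release. version_compare() understands
 * dotted versions and pre-release suffixes; a plain string comparison would rank
 * "3.8.9" above "3.8.22" and report a vulnerable install as fixed.
 */
function nf_version_is_vulnerable(string $installed): bool
{
    return version_compare($installed, NF_FIXED_VERSION, '<');
}

/**
 * Inspect the site. Returns a structured result rather than printing, so it can
 * feed a fleet-wide inventory. An inactive copy of a vulnerable version is not
 * exploitable (WordPress does not load inactive plugins) but is one click from
 * being re-enabled, so it is still reported as vulnerable.
 */
function nf_check_site(): array
{
    if (!function_exists('get_plugins')) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $plugins = get_plugins();
    if (!isset($plugins[NF_PLUGIN_FILE])) {
        return ['installed' => false, 'active' => false, 'version' => null, 'vulnerable' => false];
    }
    $version = $plugins[NF_PLUGIN_FILE]['Version'];
    return [
        'installed'  => true,
        'active'     => is_plugin_active(NF_PLUGIN_FILE), // true for network-activated copies too
        'version'    => $version,
        'vulnerable' => nf_version_is_vulnerable($version),
    ];
}

if (defined('WP_CLI') && WP_CLI) {
    $r = nf_check_site();
    if (!$r['installed']) {
        WP_CLI::success('Ninja Forms is not installed.');
    } elseif ($r['vulnerable']) {
        WP_CLI::warning(sprintf(
            'Ninja Forms %s (%s) is affected by CVE-2024-12238; update to %s or later.',
            $r['version'],
            $r['active'] ? 'active' : 'inactive',
            NF_FIXED_VERSION
        ));
    } else {
        WP_CLI::success(sprintf('Ninja Forms %s is at or above %s.', $r['version'], NF_FIXED_VERSION));
    }
}
```

Re-run the script after updating (through the admin panel steps above or with wp plugin update ninja-forms) to confirm the fix landed; the structured return value is what you would collect when checking many sites at once.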

📡 Detection & Monitoring

Log Indicators:

  • WordPress keeps no log of shortcode execution, so wp-content/debug.log will not show this attack directly; at most it shows PHP notices or errors a shortcode raises when called with unexpected attributes, and only when WP_DEBUG_LOG is enabled. To see shortcode execution you have to add the record yourself, for example with the pre_do_shortcode_tag filter, logging the tag, the user and the request.
  • Credential-stuffing patterns (many failed logins followed by a success) against low-privilege accounts and, on sites with open registration, bursts of new Subscriber sign-ups shortly before unusual admin-ajax.php activity.

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php carrying a Ninja Forms action whose body contains shortcode syntax ([tag ...]), sent with a logged-in session cookie. Web server access logs do not capture request bodies, so this needs body logging at the WAF or reverse proxy.

SIEM Query:

WordPress emits no shortcode_execution event, so a query keyed on one returns nothing. Against WAF or proxy logs that include request bodies, look for POSTs to admin-ajax.php that carry shortcode syntax:

source="wordpress" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND request_body="*[*]*"

If you add a logging hook for shortcode execution, query its lines instead and alert on tags that a Subscriber has no reason to invoke.
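Because WordPress records nothing when a shortcode runs, the indicators above are only visible if you create the record yourself. The must-use plugin below is an added example for this advisory, not Ninja Forms or WordPress core code: it hooks the pre_do_shortcode_tag filter and writes one key=value line per shortcode executed during an admin-ajax.php or REST request by a logged-in user who lacks edit_posts, and can optionally short-circuit the shortcode. It assumes the vulnerable action is reached through AJAX or REST rather than a normal page render, and that Subscribers are the accounts of interest (Contributors and above can legitimately put shortcodes in their own posts, so they are not flagged); the function names and the SC_AUDIT_BLOCK switch are mine.

```php
<?php
/**
 * Plugin Name: Shortcode audit for low-privilege AJAX/REST requests
 * Description: Logs, and optionally blocks, shortcodes that run during admin-ajax.php
 *              or REST requests made by logged-in users who cannot edit posts.
 *
 * Added example for this advisory; not Ninja Forms or WordPress core code.
 * Install by copying the file into wp-content/mu-plugins/ (must-use plugins load
 * before regular plugins, so the filter is in place before any plugin action runs).
 *
 * Assumptions: the vulnerable action is reached through admin-ajax.php or the REST
 * API, and the actors of interest are users without edit_posts (Subscribers).
 * Contributors and above can already place shortcodes in their own posts, so
 * shortcode execution on their behalf is normal and is deliberately not flagged.
 */

// false = log only. Switch to true only after reviewing the log for legitimate hits,
// because a blocked shortcode renders as an empty string for the affected request.
const SC_AUDIT_BLOCK = false;

/** Is this a request the audit applies to? */
function sc_audit_applies(): bool
{
    if (!is_user_logged_in() || current_user_can('edit_posts')) {
        return false;
    }
    $is_rest = defined('REST_REQUEST') && REST_REQUEST;
    return wp_doing_ajax() || $is_rest;
}

/**
 * Build one log line as key=value pairs so a SIEM can parse it without custom
 * extraction. Kept free of globals so it is easy to test in isolation.
 */
function sc_audit_format(int $user_id, string $login, string $tag, $attr, string $action, string $uri, string $ip): string
{
    return sprintf(
        'shortcode_audit user=%d login=%s tag=%s attrs=%s action=%s uri=%s ip=%s',
        $user_id,
        $login,
        $tag,
        wp_json_encode($attr), // $attr is an array, or '' when the shortcode had no attributes
        $action,
        $uri,
        $ip
    );
}

/** Write the invocation to the PHP error log (wp-content/debug.log when WP_DEBUG_LOG is on). */
function sc_audit_record(string $tag, $attr): void
{
    $user = wp_get_current_user();
    // $_REQUEST['action'] is the admin-ajax.php dispatch key; REST calls have none.
    $action = isset($_REQUEST['action']) ? sanitize_key(wp_unslash($_REQUEST['action'])) : '-';
    $uri    = isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '-';
    $ip     = isset($_SERVER['REMOTE_ADDR']) ? sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR'])) : '-';

    error_log(sc_audit_format((int) $user->ID, $user->user_login, $tag, $attr, $action, $uri, $ip));
}

/*
 * pre_do_shortcode_tag runs before every shortcode handler. Returning anything other
 * than false makes do_shortcode() emit that value instead of calling the handler.
 */
add_filter('pre_do_shortcode_tag', function ($return, string $tag, $attr, array $m) {
    if (!sc_audit_applies()) {
        return $return; // normal page render, anonymous visitor or a user who may edit posts
    }
    sc_audit_record($tag, $attr);
    return SC_AUDIT_BLOCK ? '' : $return;
}, 10, 4);
```

Run it in log-only mode first: any plugin that legitimately renders shortcodes for Subscribers over AJAX (a front-end form preview, a members area) will show up, and switching to blocking turns those shortcodes into empty output. The lines land in the PHP error log, which is wp-content/debug.log when WP_DEBUG_LOG is on and otherwise the web server's error log; ship that file to the SIEM and alert on tags a Subscriber has no reason to invoke.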

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-12238
  • Plugin page and changelog: https://wordpress.org/plugins/ninja-forms/
