CVE-2021-24165

Summary

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

Affected Software

VendorProductVersion RangeStatus
UnknownNinja Forms Contact Form – The Drag and Drop Form Builder for WordPress3.4.34 < 3.4.34affected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References