CVE-2021-24165
N/A
N/A
Summary
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | 3.4.34 < 3.4.34 | affected |
Weaknesses
- CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/
- https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818
References
- https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/
- https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.