CVE-2021-24166

Summary

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

Affected Software

VendorProductVersion RangeStatus
UnknownNinja Forms Contact Form – The Drag and Drop Form Builder for WordPress3.4.34 < 3.4.34affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References