CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24163 – Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
https://notcve.org/view.php?id=CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. La acción AJAX, wp_ajax_ninja_forms_sendwp_remote_install_handler, no tenía una comprobación de capacidad, ni tenía ninguna protección nonce, por lo que era posible para usuarios de bajo nivel, como los suscriptores, instalar y activar el SendWP Ninja Forms Contact Form †- El Drag and Drop Form Builder para WordPress“, para el plugin de WordPress versiones anteriores a 3.4.34 y recuperar la clave client_secret necesaria para establecer la conexión SendWP al mismo tiempo que se instala el plugin SendWP • https://wpscan.com/vulnerability/55fde9fa-f6cd-4546-bee8-4acc628251c2 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24166 – Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection
https://notcve.org/view.php?id=CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. El plugin de WordPress wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress versiones anteriores a 3.4.34, no tenía protección nonce, haciendo posible que atacantes diseñen una petición para desconectar la conexión OAuth de un sitio • https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24164 – Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
https://notcve.org/view.php?id=CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. En el plugin de WordPress Ninja Forms Contact Form versiones anteriores a 3.4.34.1, los usuarios de bajo nivel, como los suscriptores, podían desencadenar la acción, wp_ajax_nf_oauth, y recuperar la URL de conexión necesaria para establecer una conexión. También podrían recuperar el client_id para una conexión OAuth ya establecida • https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24165 – Ninja Forms < 3.4.34 - Administrator Open Redirect
https://notcve.org/view.php?id=CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. En el plugin de WordPress Ninja Forms Contact Form versiones anteriores a 3.4.34, la acción AJAX wp_ajax_nf_oauth_connect era vulnerable a un redireccionamiento abierto debido al uso de un parámetro de redireccionamiento proporcionado por el usuario y sin protección en su lugar • https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36175 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Validation Bypass via Email Field
https://notcve.org/view.php?id=CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite a atacantes omitir la comprobación por medio del campo email • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •