CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36827 – WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36827
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". Una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado y autenticado (rol de administrador o usuario superior) en el plugin Ninja Forms Contact Form versiones anteriores a 3.6.9 incluyéndola, de Saturday Drive en WordPress por medio de "label" The Ninja Forms Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter in versions up to, and including, 3.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-contact-form-plugin-3-6-9-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24889 – Ninja Forms < 3.6.4 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24889
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks El plugin Ninja Forms Contact Form de WordPress versiones anteriores a 3.6.4, no escapa las claves del parámetro POST de los campos, que podría permitir a usuarios con altos privilegios llevar a cabo ataques de inyecciones SQL • https://wpscan.com/vulnerability/55008a42-eb56-436c-bce0-10ee616d0495 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-34647 – Ninja Forms <= 3.5.7 Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2021-34647
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. El plugin Ninja Forms de WordPress es vulnerable a una divulgación de información confidencial por medio de la función bulk_export_submissions que se encuentra en el archivo ~/includes/Routes/Submissions.php, en versiones hasta la 3.5.7 incluyéndola. Esto permite a atacantes autenticados exportar todos los datos de los envíos de Ninja Forms por medio de la API REST /ninja-forms-submissions/export, que puede incluir información personal identificable • https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L107 https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-34648 – Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection
https://notcve.org/view.php?id=CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims. El plugin Ninja Forms de WordPress es vulnerable al envío de correos electrónicos arbitrarios por medio de la función trigger_email_action que se encuentra en el archivo ~/includes/Routes/Submissions.php, en versiones hasta la 3.5.7 inclusive. Esto permite a atacantes autenticados enviar correos electrónicos arbitrarios desde el servidor afectado por medio de la API REST /ninja-forms-submissions/email-action, que puede ser usada para llevar a cabo ingeniería social a las víctimas • https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L155 https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24163 – Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
https://notcve.org/view.php?id=CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. La acción AJAX, wp_ajax_ninja_forms_sendwp_remote_install_handler, no tenía una comprobación de capacidad, ni tenía ninguna protección nonce, por lo que era posible para usuarios de bajo nivel, como los suscriptores, instalar y activar el SendWP Ninja Forms Contact Form †- El Drag and Drop Form Builder para WordPress“, para el plugin de WordPress versiones anteriores a 3.4.34 y recuperar la clave client_secret necesaria para establecer la conexión SendWP al mismo tiempo que se instala el plugin SendWP • https://wpscan.com/vulnerability/55fde9fa-f6cd-4546-bee8-4acc628251c2 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •