
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape the keys of the fields POST parameter, which could allow high-privilege users to perform SQL injection attacks.
• https://wpscan.com/vulnerability/55008a42-eb56-436c-bce0-10ee616d0495
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API, which can be used to socially engineer victims.
• https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L155
• https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners
• CWE-862: Missing Authorization
• CWE-863: Incorrect Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API, which can include personally identifiable information.
• https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L107
• https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners
• CWE-862: Missing Authorization
• CWE-863: Incorrect Authorization

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The wp_ajax_nf_oauth_disconnect action in the "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress" WordPress plugin before 3.4.34 had no nonce protection, making it possible for attackers to craft a request to disconnect a site's OAuth connection.
• https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6
• https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the wp_ajax_nf_oauth action and retrieve the connection URL needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
• https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89
• https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-862: Missing Authorization