CVE-2021-34647 – Ninja Forms <= 3.5.7 Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2021-34647
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. El plugin Ninja Forms de WordPress es vulnerable a una divulgación de información confidencial por medio de la función bulk_export_submissions que se encuentra en el archivo ~/includes/Routes/Submissions.php, en versiones hasta la 3.5.7 incluyéndola. Esto permite a atacantes autenticados exportar todos los datos de los envíos de Ninja Forms por medio de la API REST /ninja-forms-submissions/export, que puede incluir información personal identificable • https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L107 https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVE-2021-34648 – Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection
https://notcve.org/view.php?id=CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims. El plugin Ninja Forms de WordPress es vulnerable al envío de correos electrónicos arbitrarios por medio de la función trigger_email_action que se encuentra en el archivo ~/includes/Routes/Submissions.php, en versiones hasta la 3.5.7 inclusive. Esto permite a atacantes autenticados enviar correos electrónicos arbitrarios desde el servidor afectado por medio de la API REST /ninja-forms-submissions/email-action, que puede ser usada para llevar a cabo ingeniería social a las víctimas • https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L155 https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVE-2021-24163 – Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
https://notcve.org/view.php?id=CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. La acción AJAX, wp_ajax_ninja_forms_sendwp_remote_install_handler, no tenía una comprobación de capacidad, ni tenía ninguna protección nonce, por lo que era posible para usuarios de bajo nivel, como los suscriptores, instalar y activar el SendWP Ninja Forms Contact Form †- El Drag and Drop Form Builder para WordPress“, para el plugin de WordPress versiones anteriores a 3.4.34 y recuperar la clave client_secret necesaria para establecer la conexión SendWP al mismo tiempo que se instala el plugin SendWP • https://wpscan.com/vulnerability/55fde9fa-f6cd-4546-bee8-4acc628251c2 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2021-24166 – Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection
https://notcve.org/view.php?id=CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. El plugin de WordPress wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress versiones anteriores a 3.4.34, no tenía protección nonce, haciendo posible que atacantes diseñen una petición para desconectar la conexión OAuth de un sitio • https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-24164 – Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
https://notcve.org/view.php?id=CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. En el plugin de WordPress Ninja Forms Contact Form versiones anteriores a 3.4.34.1, los usuarios de bajo nivel, como los suscriptores, podían desencadenar la acción, wp_ajax_nf_oauth, y recuperar la URL de conexión necesaria para establecer una conexión. También podrían recuperar el client_id para una conexión OAuth ya establecida • https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •