CVE-2021-24166 – Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection
https://notcve.org/view.php?id=CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. El plugin de WordPress wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress versiones anteriores a 3.4.34, no tenía protección nonce, haciendo posible que atacantes diseñen una petición para desconectar la conexión OAuth de un sitio • https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-24164 – Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
https://notcve.org/view.php?id=CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. En el plugin de WordPress Ninja Forms Contact Form versiones anteriores a 3.4.34.1, los usuarios de bajo nivel, como los suscriptores, podían desencadenar la acción, wp_ajax_nf_oauth, y recuperar la URL de conexión necesaria para establecer una conexión. También podrían recuperar el client_id para una conexión OAuth ya establecida • https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2021-24165 – Ninja Forms < 3.4.34 - Administrator Open Redirect
https://notcve.org/view.php?id=CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. En el plugin de WordPress Ninja Forms Contact Form versiones anteriores a 3.4.34, la acción AJAX wp_ajax_nf_oauth_connect era vulnerable a un redireccionamiento abierto debido al uso de un parámetro de redireccionamiento proporcionado por el usuario y sin protección en su lugar • https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-36175 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Validation Bypass via Email Field
https://notcve.org/view.php?id=CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite a atacantes omitir la comprobación por medio del campo email • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •
CVE-2020-36174 – Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation
https://notcve.org/view.php?id=CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite un ataque de tipo CSRF por medio de la integración de servicios The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. This makes it possible for attackers to install arbitrary plugins. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •