Page 6 of 42 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. En el plugin de WordPress Ninja Forms Contact Form versiones anteriores a 3.4.34, la acción AJAX wp_ajax_nf_oauth_connect era vulnerable a un redireccionamiento abierto debido al uso de un parámetro de redireccionamiento proporcionado por el usuario y sin protección en su lugar • https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818 https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite a atacantes omitir la comprobación por medio del campo email • https://wordpress.org/plugins/ninja-forms/#developers • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. El plugin Ninja Forms versiones anteriores a 3.4.27.1 para WordPress, permite un ataque de tipo CSRF por medio de la integración de servicios The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. This makes it possible for attackers to install arbitrary plugins. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. El plugin Ninja Forms versiones anteriores a 3.4.28 para WordPress, carece de escape para los campos submissions-table • https://wordpress.org/plugins/ninja-forms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. El plugin ninja-forms versiones anteriores a 3.4.24.2 para WordPress, permite un ataque de tipo CSRF con un XSS resultante. The Ninja Forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. • https://wordpress.org/plugins/ninja-forms/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •