CVE-2021-24165

Published: Apr 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

Vendor	Product	Versions
Unknown	Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress	affected `3.4.34 - < 3.4.34`

Weaknesses (CWE)

CWE-601

References

https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/

x_refsource_MISC

https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-24165

Description

Affected Products

Weaknesses (CWE)

References