Lucene search
CVE-2020-36174
The Ninja Forms plugin for WordPress allows CSRF via services integration
Show more
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | CVE-2020-36174 | 6 Jan 202114:31 | – | cvelist |
 | CVE-2020-36174 | 6 Jan 202115:15 | – | nvd |
 | Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation | 22 Sep 202000:00 | – | wpvulndb |
 | Cross site request forgery (csrf) | 6 Jan 202115:15 | – | prion |
 | Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation | 22 Sep 202000:00 | – | wpexploit |
 | WordPress Ninja Forms Plugin < 3.4.27.1 Multiple Vulnerabilities | 22 Jan 202100:00 | – | openvas |
Node
| Source | Link |
|---|---|
| wordpress | www.wordpress.org/plugins/ninja-forms/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | query param | /wp-admin/admin-ajax.php | CSRF vulnerability allowing an attacker to install arbitrary plugins. | CWE-352 |
| plugin | query param | /wp-admin/admin-ajax.php | CSRF vulnerability allowing an attacker to install arbitrary plugins. | CWE-352 |
| install_path | query param | /wp-admin/admin-ajax.php | CSRF vulnerability allowing an attacker to install arbitrary plugins. | CWE-352 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo06 Jan 2021 15:15Current
6.5Medium risk
Vulners AI Score6.5
CVSS24.3
CVSS36.5
EPSS0.01271