Lucene search

CVE-2021-24165

🗓️ 05 Apr 2021 19:15:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

Ninja Forms Contact Form WordPress plugin before 3.4.34 open redirect vulnerabilit

Reporter	Title	Published	Views	Family All 6
Nuclei	WordPress Ninja Forms <3.4.34 - Open Redirect	12 Feb 202216:33	–	nuclei
NVD	CVE-2021-24165	5 Apr 202119:15	–	nvd
wpexploit	Ninja Forms < 3.4.34 - Administrator Open Redirect	16 Feb 202100:00	–	wpexploit
WPVulnDB	Ninja Forms < 3.4.34 - Administrator Open Redirect	16 Feb 202100:00	–	wpvulndb
Prion	Open redirect	5 Apr 202119:15	–	prion
Cvelist	CVE-2021-24165 Ninja Forms < 3.4.34 - Administrator Open Redirect	5 Apr 202118:27	–	cvelist

Nvd

Vulners

Node

ninjaforms ninja_formsRange<3.4.34wordpress

[
  {
    "product": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.4.34",
        "status": "affected",
        "version": "3.4.34",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818
wordfence	www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/

Parameter	Position	Path	Description	CWE
redirect	query param	/wp-admin/admin-ajax.php	The wp_ajax_nf_oauth_connect action is vulnerable to open redirect due to insufficient validation of the redirect parameter.	CWE-601

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Apr 2021 19:15Current

6.2Medium risk

Vulners AI Score6.2

CVSS25.8

CVSS36.1

EPSS0.02035

CWE-601