CVE-2021-24166

🗓️ 05 Apr 2021 19:15:15Reported by [email protected]Type

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection

Reporter	Title	Published	Views	Family All 5
Prion	Cross site request forgery (csrf)	5 Apr 202119:15	–	prion
wpexploit	Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection	16 Feb 202100:00	–	wpexploit
WPVulnDB	Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection	16 Feb 202100:00	–	wpvulndb
CVE	CVE-2021-24166	5 Apr 202119:15	–	cve
Cvelist	CVE-2021-24166 Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection	5 Apr 202118:27	–	cvelist

Nvd

Node

ninjaforms ninja_formsRange<3.4.34wordpress

Source	Link
wpscan	www.wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6
wordfence	www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Apr 2021 19:15Current

CVSS25.8

CVSS35.4

EPSS0.00149

CWE-352