Description
Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin (versions <= 3.6.7).
## Solution
Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.8).
Affected Software
{"id": "PATCHSTACK:57478846BE40E1D162F8F845CBB79096", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability", "description": "Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin (versions <= 3.6.7).\n\n## Solution\n\n\r\n Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.8).\r\n ", "published": "2022-03-22T00:00:00", "modified": "2022-03-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-7-unauthenticated-email-address-disclosure-vulnerability", "reporter": "Agence Web Coheractio", "references": ["https://wpscan.com/vulnerability/cec7d366-7663-4b83-9640-a58f2fcf5e41", "https://wordpress.org/plugins/ninja-forms/#developers"], "cvelist": [], "immutableFields": [], "lastseen": "2022-06-01T19:18:49", "viewCount": 9, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "affectedSoftware": [{"version": "3.6.7", "operator": "le", "name": "ninja forms"}], "vendor_cvss": {"score": "3.1", "severity": "Low severity"}, "owasp": "A3: Sensitive Data Exposure", "classification": "Sensitive Data Exposure"}
{}
WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability