An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
CPE | Name | Operator | Version |
---|---|---|---|
ninja_forms | lt | 3.3.19.1 |