In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
CPE | Name | Operator | Version |
---|---|---|---|
ninja_forms | lt | 3.4.34 |