2 matches found
CVE-2021-24166
The wpajaxnfoauthdisconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...
CVE-2021-24166
Affected software: WordPress plugin Ninja Forms – Drag and Drop Form Builder. Vulnerability: CSRF to OAuth service disconnection in wp_ajax_nf_oauth_disconnect due to no nonce protection in versions before 3.4.34. Impact: unauthorized user can craft requests to disconnect a site’s OAuth connectio...