2 matches found
CVE-2021-34648
The CVE-2021-34648 issue affects the WordPress Ninja Forms plugin (up to version 3.5.7). The vulnerability arises from an unprotected REST API endpoint, specifically /ninja-forms-submissions/email-action, where the trigger_email_action function in includes/Routes/Submissions.php can be invoked by...
CVE-2021-34648 Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...