CVE-2021-24165

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wpajaxnfoauthconnect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place...

CVE-2021-24166

The wpajaxnfoauthdisconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...

WordPress Drag and Drop Form Builder 信息泄露漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the Drag and Drop Form Builder for WordPress plugi...

WordPress Ninja Forms Contact Form 输入验证错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. An input validation error vulnerability exists in the Ninja Forms Contact Form WordPress plugin before 3.4.34, which...

WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated OAuth Connection Key Disclosure vulnerability

Authenticated OAuth Connection Key Disclosure vulnerability found by Chloe Chamberland in WordPress Ninja Forms Contact Form plugin versions = 3.4.33. Solution Update the WordPress Ninja Forms Contact Form plugin to the latest available version at least 3.4.34...