Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection. Arbitrary email sending via trigger_email_action in versions up to 3.5.7, allowing authenticated attackers to send emails via /ninja-forms-submissions/email-action REST API
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
wpexploit | Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection | 22 Sep 202100:00 | – | wpexploit |
NVD | CVE-2021-34648 | 22 Sep 202118:15 | – | nvd |
Patchstack | WordPress Ninja Forms Contact Form plugin <= 3.5.7 - Unprotected REST-API to Email Injection vulnerability | 22 Sep 202100:00 | – | patchstack |
Prion | Code injection | 22 Sep 202118:15 | – | prion |
Cvelist | CVE-2021-34648 Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection | 22 Sep 202117:53 | – | cvelist |
CVE | CVE-2021-34648 | 22 Sep 202118:15 | – | cve |
Wordfence Blog | Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners | 22 Sep 202115:00 | – | wordfence |
OpenVAS | WordPress Ninja Forms Plugin < 3.5.8 Multiple Vulnerabilities | 12 Oct 202100:00 | – | openvas |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo