CVE-2021-24165
Published 2021-04-05
Priority P3 · 35 · medium · 6.1 (CVSS 3.1)
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EXPLOIT
EPSS: 1.64% (73.5th percentile)
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ninjaforms | ninja_forms | < 3.4.34 | 3.4.34 |
CVSS provenance
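| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |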
No detection rules found.
Nuclei
WordPress Ninja Forms <3.4.34 - Open Redirect
nuclei·CVSS 6.1
CVE-2021-24165 [MEDIUM] WordPress Ninja Forms <3.4.34 - Open Redirect
WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
```yaml
id: CVE-2021-24165

info:
  name: WordPress Ninja Forms <3.4.34 - Open Redirect
  author: dhiyaneshDk,daffainfo
  severity: medium
  description: |
    WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user t
```
No writeups or analysis indexed.
https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818
https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/
2021-04-05
Published