CVE-2016-1209: Input Validation
First published: Sat May 14 2016(Updated: )
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ninja Forms | <=2.9.42 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvn.jp/en/jp/JVN44657371/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000064
- http://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.html
- http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilities
- http://www.rapid7.com/db/modules/exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
- https://ninjaforms.com/important-security-update-always-hurt-ones-love/
- https://wordpress.org/plugins/ninja-forms/changelog/
- https://wpvulndb.com/vulnerabilities/8485
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ninjaforms
- canonical/ninja forms
- version/ninja forms/2.9.42