CVE-2018-19796
First published: Mon Dec 03 2018(Updated: )
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ninja Forms | <3.3.19.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-19796.
What is the title of the vulnerability?
The title of the vulnerability is 'An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to ...'
What is the affected software?
The affected software is Ninja Forms plugin before version 3.3.19.1 for WordPress.
What is the severity rating of CVE-2018-19796?
The severity rating of CVE-2018-19796 is medium.
How can I fix the vulnerability?
To fix the vulnerability, update the Ninja Forms plugin to version 3.3.19.1 or later.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ninjaforms
- canonical/ninja forms