First published: Mon Apr 05 2021
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect because it used a user-supplied redirect parameter with no protection in place.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ninja Forms | <3.4.34 | Update to 3.4.34 or later |
The vulnerability ID for this vulnerability is CVE-2021-24165.
The severity of CVE-2021-24165 is medium.
The affected software is the Ninja Forms Contact Form WordPress plugin before version 3.4.34.
CVE-2021-24165 is a vulnerability in the Ninja Forms Contact Form WordPress plugin that allows open redirect due to the use of a user-supplied redirect parameter without proper protection.
To fix CVE-2021-24165, update the Ninja Forms Contact Form WordPress plugin to version 3.4.34 or later.