WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Security Bypass (3.5.7) - Vulnerability Database

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Security Bypass (3.5.7)

Description

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export sensitive information or send arbitrary emails that could be used for phishing. WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress version 3.5.7 is vulnerable; prior versions are also affected.

Remediation

Update to plugin version 3.5.8 or latest

References

https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners/

https://plugins.svn.wordpress.org/ninja-forms/trunk/readme.txt

Related Vulnerabilities

Severity

High

Classification

CVE-2021-34647

CVE-2021-34648

CWE-264

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N