WordPress Plugin Vulnerabilities

Ninja Forms <= 3.3.19 - Authenticated Open Redirect

Description

Open Redirect vulnerability in download submission page using URL parameter.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.3.19.1

References

CVE
CVE-2018-19796
URL
https://plugins.trac.wordpress.org/changeset/1982808/ninja-forms/trunk/lib/StepProcessing/step-processing.php

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
MTK (Muhammad Talha Khan)
Submitter
MTK (Muhammad Talha Khan)
Submitter website
http://mtk911.cf
Submitter twitter
@m7k911
Verified
No
WPVDB ID
02fa90e3-d846-4bbc-98f9-88dfcf4e2740

Timeline

Publicly Published
2018-12-01 (about 7 years ago)
Added
2018-12-04 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-01-30
Title
Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress <= 1.4.1 - Unauthenticated Open Redirect
Published
2018-04-03
Title
WordPress 3.7-4.9.4 - Use Safe Redirect for Login
Published
2019-09-05
Title
WordPress 5.2.2 - Potential Open Redirect
Published
2021-12-27
Title
WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
Published
2014-06-02
Title
Grimag < 1.1.1 - Open Redirection