WordPress Plugin Vulnerabilities

Ninja Forms <= 3.3.19 - Authenticated Open Redirect

Description

Open Redirect vulnerability in download submission page using URL parameter.

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.3.19.1

References

CVE
CVE-2018-19796
URL
https://plugins.trac.wordpress.org/changeset/1982808/ninja-forms/trunk/lib/StepProcessing/step-processing.php

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
MTK (Muhammad Talha Khan)
Submitter
MTK (Muhammad Talha Khan)
Submitter website
http://mtk911.cf
Submitter twitter
@m7k911
Verified
No
WPVDB ID
02fa90e3-d846-4bbc-98f9-88dfcf4e2740

Timeline

Publicly Published
2018-12-01 (about 7 years ago)
Added
2018-12-04 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-01-17
Title
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
Published
2015-01-29
Title
WPtouch < 3.7 - Unvalidated Open Redirect
Published
2023-01-06
Title
miniOrange WordPress SAML SSO Standard < 16.0.8 - Open Redirect in SSO login
Published
2023-07-18
Title
Ninja Popups <= 4.7.5 - Unauthenticated Open Redirect
Published
2023-11-14
Title
Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect