WordPress Plugin Vulnerabilities

Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure

Description

The plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.

Proof of Concept

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.5.8

References

CVE
CVE-2021-34647
URL
https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners/

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
606973aa-cf5d-43a7-9ef5-faa7f9af5318

Timeline

Publicly Published
2021-09-22 (about 4 years ago)
Added
2021-09-22 (about 4 years ago)
Last Updated
2023-02-03 (about 2 years ago)

Other

Published
Title
Published
2024-10-18
Title
ElementInvader Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Information Exposure
Published
2025-09-22
Title
All In One SEO Pack < 4.8.7.2 - Contributor+ Sensitive Information Exposure
Published
2023-11-06
Title
Restrict Content < 3.2.8 - Information Exposure via legacy log file
Published
2025-11-10
Title
Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure
Published
2025-11-11
Title
WP Import – Ultimate CSV XML Importer for WordPress < 7.33.1 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure