WordPress Plugin Vulnerabilities

Ninja Forms < 3.4.34 - Administrator Open Redirect

Description

The wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

Proof of Concept

http://mysite.com/wp-admin/admin-ajax.php?client_id=1&redirect=https://google.com&action=nf_oauth_connect

Affects Plugins

Plugin icon
ninja-forms
Fixed in 3.4.34

References

CVE
CVE-2021-24165
URL
https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
6147acf5-e43f-47e6-ab56-c9c8be584818

Timeline

Publicly Published
2021-02-16 (about 3 years ago)
Added
2021-02-17 (about 3 years ago)
Last Updated
2021-02-19 (about 3 years ago)

Other

Published
Title
Published
2019-09-05
Title
WordPress 5.2.2 - Potential Open Redirect
Published
2023-02-27
Title
WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect
Published
2022-03-29
Title
English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
Published
2016-04-25
Title
The Events Calendar <= 4.1.1 - Open Redirect
Published
2023-10-06
Title
affiliate-toolkit – WordPress Affiliate Plugin < 3.4.0 - Open Redirect via atkpout.php