CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Ninjaforms: >> Ninja Forms >> 3.4.28 Security Vulnerabilities

CVE-2021-24165

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

CVSS Score

6.1

EPSS Score

0.012

Published

2021-04-05

CVE-2021-24166

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

CVSS Score

5.4

EPSS Score

0.001

Published

2021-04-05

Page 5

Vulnerabilities

Vulnerable Software

Ninjaforms: >> Ninja Forms >> 3.4.28 Security Vulnerabilities

Products

Pricing

Contact Us