CVE-2021-24166

Sažetak

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

Reference

https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6
https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

09-04-2021 - 15:22

Objavljeno

05-04-2021 - 19:15