ThreatPress

WordPress Vulnerability Database

Back

WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability

Product
Ninja Forms
Description
Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability found by Chloe Chamberland in WordPress Ninja Forms Contact Form plugin (versions <= 3.4.33).
Solution
Update the WordPress Ninja Forms Contact Form plugin to the latest available version (at least 3.4.34).
Classification
Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 3.4.33
Fixed In 3.4.34
Disclosure date
2021-02-16
Credits
Chloe Chamberland