ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ninja Forms plugin <= 3.3.19 - Authenticated Open Redirect vulnerability

Product
Ninja Forms
Description
Authenticated Open Redirect vulnerability found by Muhammad Talha Khan in WordPress Ninja Forms plugin (versions <= 3.3.19).
Solution
Update the WordPress Ninja Forms plugin to the latest available version (at least 3.3.19.1).
Classification
Type Open Redirection
OWASP Top 10 A10: Unvalidated Redirects and Forwards
References
Plugin changelog
CVE
Name CVE-CVE-2018-19796
Versions
Affected In <= 3.3.19
Fixed In 3.3.19.1
Disclosure date
2018-12-04
Credits
Muhammad Talha Khan
Submitter
ThreatPress