Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2021-24165 - In The Ninja Forms Contact Form Plugin

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

PLUGIN In The Ninja Forms Contact Form

CVE-2021-24165

MEDIUM CVSS 6.1 2021-04-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24164 - In The Ninja Forms Contact Form Plugin

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.

PLUGIN In The Ninja Forms Contact Form

CVE-2021-24164

MEDIUM CVSS 4.3 2021-04-05

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2021-24165 - In The Ninja Forms Contact Form Plugin

CVE-2021-24164 - In The Ninja Forms Contact Form Plugin

Company Links

Contact Us