WordPress Ninja Forms Plugin Authorization Bypass Vulnerability

Bugtraq ID:	69740
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Sep 08 2014 12:00AM
Updated:	Sep 08 2014 12:00AM
Credit:	Voxel@Night
Vulnerable:	WordPress Ninja Forms 2.7.7
Not Vulnerable:

WordPress Ninja Forms Plugin Authorization Bypass Vulnerability

The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Ninja Forms Plugin 2.7.7 is vulnerable; other versions may also be affected.

WordPress Ninja Forms Plugin Authorization Bypass Vulnerability

The following proof-of-concept is available:

• /data/vulnerabilities/exploits/69740.html.txt

WordPress Ninja Forms Plugin Authorization Bypass Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]..

WordPress Ninja Forms Plugin Authorization Bypass Vulnerability

References:

• Ninja Forms Plugin Home Page (WordPress)
  
• WordPress HomePage (WordPress)
  
• WordPress Plugin Vulnerability Dump - Part 2 (SecLists.Org)