QID 150387

Date Published: 2021-11-18

QID 150387: WordPress Ninja-Forms Plugin - Authenticated OAuth Connection Key Disclosure (CVE-2021-24164)

Ninja Forms is a free form builder plugin for WordPress, it provides users the ability to create custom forms using drag and drop capabilities.

Affected versions of Ninja Forms WordPress plugin allows low-level users such as subscribers to trigger "wp_ajax_nf_oauth" action and retrieve the connection url required to establish the connection, additionally it could also allow users to retrieve the client_id for an already established OAuth connection.

Affected versions:
Ninja Forms versions prior to 3.4.34.1

QID Detection Logic:
This QID sends a HTTP POST request to "wp-admin/admin-ajax.php" and based on the response confirms if the target is vulnerable.

Successful exploitation could allow remote attackers to establish an OAuth Connection for a vulnerable WordPress site with their own account.

  • CVSS V3 rated as Medium - 4.3 severity.
  • CVSS V2 rated as Medium - 4 severity.
    • Solution
    Customers are advised to upgrade to a fixed version Ninja Forms 3.4.34.1 or later versions to remediate this vulnerability.
    Vendor References

    CVEs related to QID 150387

    CVE-2021-24164 |
    Software Advisories
    Advisory ID Software Component Link
    Ninja_Forms URL Logo ninjaforms.com/account/downloads/
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].