CVE-2021-24164

CVE-2021-24164: Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure

Vendor Unknown
Product Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Weakness CWE-200 · Info exposure
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated