CVE-2021-24165

CVE-2021-24165: Ninja Forms < 3.4.34 - Administrator Open Redirect

Vendor Unknown
Product Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Weakness CWE-601 · Open redirect
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated