CVE-2021-24166

CVE-2021-24166: Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection

Vendor Unknown
Product Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Weakness CWE-352 · CSRF
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE