6.5
CVE-2021-34647
- EPSS 0.72%
- Veröffentlicht 22.09.2021 18:15:11
- Zuletzt bearbeitet 21.11.2024 06:10:53
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginNinja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.
Mögliche Gegenmaßnahme
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 3.5.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
*-3.5.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version <= 3.5.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.72% | 0.72 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| security@wordfence.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.