Welcome to WordPress Community Forum. Please login or sign up.

Nov 25, 2024, 10:20 AM

Login with username, password and session length

Shoutbox


Recent

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 5
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 18
  • Total: 18
18 Guests, 0 Users

WordPress Ninja Forms plugin <= 3.6.10 - Unauthenticated PHP Object Injection

Started by Kailash, Jun 16, 2022, 06:24 AM

Previous topic - Next topic

WordPress Premium Themes


Kailash

WordPress Ninja Forms Contact Form plugin <= 3.6.10 - Unauthenticated PHP Object Injection vulnerability

Plugin name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Vulnerable versions: <= 3.6.10
Fixed in: 3.6.11
CVE ID: N/A
Classification: PHP Object Injection
Publicly disclosed: 2022-06-15

Vulnerability Details

Unauthenticated PHP Object Injection vulnerability discovered in WordPress Ninja Forms plugin (versions <= 3.6.10).

Solution

Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.11).

Plugin Link: https://wordpress.org/plugins/ninja-forms/

WordPress Premium Themes