CVE-2021-24163

Public Exploit

Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure

Description

The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.

References

Link	Tags
https://wpscan.com/vulnerability/55fde9fa-f6cd-4546-bee8-4acc628251c2	third party advisory exploit
https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-24163?: CVE-2021-24163 has been scored as a high severity vulnerability.
How to fix CVE-2021-24163?: To fix CVE-2021-24163, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-24163 being actively exploited in the wild?: It is possible that CVE-2021-24163 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-24163?: CVE-2021-24163 affects Unknown Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress.

Description

Categories

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

CWE-862 – Missing Authorization

References

Frequently Asked Questions