Unauthenticated User Installation and Client Secret Retrieval Vulnerability in SendWP Ninja Forms Contact Form Plugin

Unauthenticated User Installation and Client Secret Retrieval Vulnerability in SendWP Ninja Forms Contact Form Plugin

CVE-2021-24163 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.

Learn more about our Wordpress Pen Testing.