Security Advisory

CVE-2021-24165

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-05 18:27:43
Last updated 2024-08-03 19:21:18
Assigner WPScan
State PUBLISHED

Description

In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.