Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection
Vulnerability Description
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
WordPress 插件 安全漏洞
Vulnerability Description
WordPress 插件是WordPress开源的一个应用插件。 WordPress 插件 Ninja Forms 3.5.7及之前版本存在安全漏洞,经过身份验证的攻击者通过"/ninja-forms-submissions/email-action"的REST API导出所有Ninja Forms提交数据,其中可能包含个人身份信息。
CVSS Information
N/A
Vulnerability Type
N/A