Ver todas as ameaças

CVE-2021-34648

Alvo: Não informado

Descrição

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-34648
Tags
Nâo informado
Data de publicação
22/09/2021
Última atualização
07/12/2024
Pontuação em CVSS 3.0
6.4
Médio
Rolar para cima