cleantalk
Vulnerabilities and Security Researches

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress, CVE-2021-24164

CVE, Research URL

CVE-2021-24164

Home page URL

Security reports for Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

Application

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress

Published on
Apr 06, 2021
Research Description
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
Affected versions
Min -, max 3.4.34.1.
Status
vulnerable
Previous vulnerability researches
Ninja Forms Google Sheet Connector (48c876c4c37ae47cdbba572acd132e945788cdbd) , Jun 07, 2024
Ninja Forms Google Sheet Connector (CVE-2023-2333) , Jun 07, 2024
Styler for Ninja Forms (CVE-2024-10717) , Nov 14, 2024
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress (CVE-2024-43999) , Sep 01, 2024
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress (CVE-2021-24381) , Jun 06, 2024
New vulnerability
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2025-49997) , Jun 22, 2025
Football Pool (CVE-2025-5490) , Jun 20, 2025
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025