Ninja Forms <= 3.3.19 - Authenticated Open Redirect



Description
Open Redirect vulnerability in download submission page using URL parameter.

Affects Plugin

fixed in version 3.3.19.1

References

CVE 2018-19796
URL https://plugins.trac.wordpress.org/changeset/1982808/ninja-forms/trunk/lib/StepProcessing/step-processing.php

Classification

Type REDIRECT
OWASP Top 10 A10: Unvalidated Redirects and Forwards
CWE CWE-601

Miscellaneous

Original Researcher MTK (Muhammad Talha Khan)
Submitter MTK (Muhammad Talha Khan)
Submitter Website http://mtk911.cf
Submitter Twitter @m7k911
Views 1413
Verified No
WPVDB ID 9154

Timeline

Publicly Published 2018-12-01 (16 days ago)
Added 2018-12-04 (13 days ago)
Last Updated 2018-12-04 (13 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.