CVE-2021-34647
Ninja Forms <= 3.5.7 Sensitive Information Disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.
We have discovered 44 live websites that are affected by CVE-2021-34647.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 207 |
| Vulnerable Domains | 44 live websites (0.19% of Ninja Forms install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-34647 and the relative popularity of websitesDetails
- Published - Sep 22, 2021
- Updated - Sep 23, 2021
Credits
- Chloe Chamberland, Wordfence
CWE
CVE References
CWE References
Countries
 United States | 13 websites |
 Canada | 6 websites |
 Australia | 4 websites |
 Germany | 4 websites |
 GB | 3 websites |
 France | 2 websites |
 India | 2 websites |
 Italy | 2 websites |
 Belgium | 1 websites |
 Bulgaria | 1 websites |
TLDs
| .com | 19 websites |
| .org | 5 websites |
| .ca | 4 websites |
| .com.au | 4 websites |
| .de | 2 websites |
| .be | 1 websites |
| .co | 1 websites |
| .co.uk | 1 websites |
| .jp | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-34647 through included software libraries and plugins.References
- https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners/
- https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Routes/Submissions.php?rev=2543837#L107
Websites affected by CVE-2021-34647
Top websites that are affected by CVE-2021-34647. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | Canada | **,*** | |
| ****.**********.com | Italy | ***,*** | |
| ***.********.ec |  Ecuador | *,***,*** | |
| ***.***********.com | United States | *,***,*** | |
| ******************.com | United States | *,***,*** | |
| ***.*************.com | France | *,***,*** | |
| ***.*****.***.au | Australia | *,***,*** | |
| ********.be | Belgium | *,***,*** | |
| *****************.com | United States | *,***,*** | |
| ************.de | Germany | *,***,*** |