{
    "CVE_data_meta": {
        "ID": "CVE-2021-24166",
        "ASSIGNER": "contact@wpscan.com",
        "STATE": "PUBLIC",
        "TITLE": "Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection"
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "generator": "WPScan CVE Generator",
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Unknown",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "3.4.34",
                                            "version_value": "3.4.34"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/",
                "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/"
            },
            {
                "refsource": "CONFIRM",
                "url": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6",
                "name": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
                        "lang": "eng"
                    }
                ]
            }
        ]
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Chloe Chamberland"
        }
    ],
    "source": {
        "discovery": "UNKNOWN"
    }
}