Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall by nintechnet

    CVE-2021-4451 (GCVE-0-2021-4451)

    Vulnerability from nvd – Published: 2024-10-16 06:43 – Updated: 2026-04-08 16:38
    VLAI
    Title
    NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
    Summary
    The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    nintechnet NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall Affected: 0 , < 4.3.4 (semver)
    Create a notification for this product.
    ninjatechnologiesnetwork ninja_firewall Affected: 0 , < 4.3.4 (custom)
        cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Chloe Chamberland
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ninja_firewall",
                "vendor": "ninjatechnologiesnetwork",
                "versions": [
                  {
                    "lessThan": "4.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T18:59:15.346812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T19:07:11.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall",
              "vendor": "nintechnet",
              "versions": [
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chloe Chamberland"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server.  This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:38:00.833Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve"
            },
            {
              "url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2021-05-30T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "NinjaFirewall \u003c= 4.3.3 - Authenticated PHAR Deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2021-4451",
        "datePublished": "2024-10-16T06:43:24.799Z",
        "dateReserved": "2024-10-15T18:41:39.775Z",
        "dateUpdated": "2026-04-08T16:38:00.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-4451 (GCVE-0-2021-4451)

    Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2026-04-08 16:38
    VLAI
    Title
    NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
    Summary
    The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    nintechnet NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall Affected: 0 , < 4.3.4 (semver)
    Create a notification for this product.
    ninjatechnologiesnetwork ninja_firewall Affected: 0 , < 4.3.4 (custom)
        cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Chloe Chamberland
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ninja_firewall",
                "vendor": "ninjatechnologiesnetwork",
                "versions": [
                  {
                    "lessThan": "4.3.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T18:59:15.346812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T19:07:11.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall",
              "vendor": "nintechnet",
              "versions": [
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Chloe Chamberland"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server.  This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:38:00.833Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve"
            },
            {
              "url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2021-05-30T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "NinjaFirewall \u003c= 4.3.3 - Authenticated PHAR Deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2021-4451",
        "datePublished": "2024-10-16T06:43:24.799Z",
        "dateReserved": "2024-10-15T18:41:39.775Z",
        "dateUpdated": "2026-04-08T16:38:00.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }