Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ninjafirewall by nintechnet
CVE-2021-4451 (GCVE-0-2021-4451)
Vulnerability from nvd – Published: 2024-10-16 06:43 – Updated: 2026-04-08 16:38
VLAI
EPSS
VEX
Title
NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
Summary
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| nintechnet | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall |
Affected:
0 , < 4.3.4
(semver)
|
|
| ninjatechnologiesnetwork | ninja_firewall |
Affected:
0 , < 4.3.4
(custom)
cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ninja_firewall",
"vendor": "ninjatechnologiesnetwork",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:59:15.346812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:07:11.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall",
"vendor": "nintechnet",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:38:00.833Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve"
},
{
"url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-05-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "NinjaFirewall \u003c= 4.3.3 - Authenticated PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4451",
"datePublished": "2024-10-16T06:43:24.799Z",
"dateReserved": "2024-10-15T18:41:39.775Z",
"dateUpdated": "2026-04-08T16:38:00.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4451 (GCVE-0-2021-4451)
Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2026-04-08 16:38
VLAI
EPSS
VEX
Title
NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
Summary
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| nintechnet | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall |
Affected:
0 , < 4.3.4
(semver)
|
|
| ninjatechnologiesnetwork | ninja_firewall |
Affected:
0 , < 4.3.4
(custom)
cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ninja_firewall",
"vendor": "ninjatechnologiesnetwork",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:59:15.346812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:07:11.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall",
"vendor": "nintechnet",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:38:00.833Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve"
},
{
"url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-05-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "NinjaFirewall \u003c= 4.3.3 - Authenticated PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4451",
"datePublished": "2024-10-16T06:43:24.799Z",
"dateReserved": "2024-10-15T18:41:39.775Z",
"dateUpdated": "2026-04-08T16:38:00.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}