Search criteria
2 vulnerabilities found for ninjafirewall by nintechnet
CVE-2021-4451 (GCVE-0-2021-4451)
Vulnerability from nvd – Published: 2024-10-16 06:43 – Updated: 2024-10-16 19:07
VLAI?
Title
NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
Summary
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Severity ?
6.6 (Medium)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nintechnet | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall |
Affected:
* , < 4.3.4
(semver)
|
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ninja_firewall",
"vendor": "ninjatechnologiesnetwork",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:59:15.346812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:07:11.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall",
"vendor": "nintechnet",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:24.799Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve"
},
{
"url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-05-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "NinjaFirewall \u003c= 4.3.3 - Authenticated PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4451",
"datePublished": "2024-10-16T06:43:24.799Z",
"dateReserved": "2024-10-15T18:41:39.775Z",
"dateUpdated": "2024-10-16T19:07:11.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4451 (GCVE-0-2021-4451)
Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2024-10-16 19:07
VLAI?
Title
NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
Summary
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Severity ?
6.6 (Medium)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nintechnet | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall |
Affected:
* , < 4.3.4
(semver)
|
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ninjatechnologiesnetwork:ninja_firewall:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ninja_firewall",
"vendor": "ninjatechnologiesnetwork",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:59:15.346812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:07:11.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NinjaFirewall (WP Edition) \u2013 Advanced Security Plugin and Firewall",
"vendor": "nintechnet",
"versions": [
{
"lessThan": "4.3.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:24.799Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve"
},
{
"url": "https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-05-30T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "NinjaFirewall \u003c= 4.3.3 - Authenticated PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4451",
"datePublished": "2024-10-16T06:43:24.799Z",
"dateReserved": "2024-10-15T18:41:39.775Z",
"dateUpdated": "2024-10-16T19:07:11.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}