Vulnerabilities > CVE-2021-4451 - Deserialization of Untrusted Data vulnerability in Nintechnet Ninjafirewall
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |