CVE-2021-4451

MEDIUM

Nintechnet Ninjafirewall < 4.3.3 - Insecure Deserialization

Title source: rule

Description

The NinjaFirewall plugin for WordPress is vulnerable to authenticated PHAR deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform PHAR deserialization on the server. This deserialization can enable exploits in other plugins or themes if vulnerable software is present (WordPress, and NinjaFirewall).

Scores

CVSS v3 6.6
EPSS 0.0098
EPSS Percentile 76.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-502
Status published

Affected Products (1)

nintechnet/ninjafirewall < 4.3.3

Timeline

Published Oct 16, 2024
Tracked Since Feb 18, 2026