VYPR
Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026

NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization

CVE-2021-4451

Description

The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.