Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026
NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
CVE-2021-4451
Description
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Affected products
3- Range: <=4.3.3
- nintechnet/NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewallv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.