Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

djbaxter

Administrator
Administrator
Joined
Jun 28, 2012
Messages
3,197
High Severity Vulnerability Patched in Ninja Forms
Wordfence.com
April 30, 2020

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.

We reached out to Ninja Form’s security team according to their Responsible Disclosure Guidelines and they replied within a few hours. The plugin was patched less than 24 hours after our initial contact, on April 28, 2020.
If you use the Ninja Forms plugin, update it immediately.

Read more...
 

Weekly Digest

Weekly Digest
Subscribe/Unsubscribe

Trending: Most Viewed

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

  Local University Guide

Google Product Exert


Top