Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

Thread starter djbaxter
Start date Apr 30, 2020

More threads by djbaxter

djbaxter

Administrator

Apr 30, 2020

High Severity Vulnerability Patched in Ninja Forms
Wordfence.com
April 30, 2020

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.

We reached out to Ninja Form’s security team according to their Responsible Disclosure Guidelines and they replied within a few hours. The plugin was patched less than 24 hours after our initial contact, on April 28, 2020.

If you use the Ninja Forms plugin, update it immediately.

Read more...

You must log in or register to reply here.

Similar threads

Important WordPress 5.8.3 Security Release

Replies: 0

Views: 3K

Jan 9, 2022

djbaxter

WordPress: Contact Form 7 File Upload Vulnerability

Replies: 0

Views: 4K

Dec 18, 2020

djbaxter

Contact Form 7 Datepicker - High Vulnerability Leads To Plugin Closure

Replies: 1

Views: 4K

Apr 2, 2020

djbaxter

WordPress Sites Targeted in Large-Scale Attacks

Replies: 0

Views: 3K

May 5, 2020

djbaxter

Zero-Day Vulnerability in ThemeREX Addons Plugin

Replies: 0

Views: 2K

Feb 19, 2020

djbaxter

Facebook X (Twitter) Email Link

Login / Register

Already a member? LOG IN
Not a member yet? REGISTER

Share this page

Facebook X (Twitter) Email Link

LocalU Event

Newest Posts

P
LSA stopped delivering ads after an edit, but Google profile is still verified
- Latest: PhxAZattorney
- Today at 2:56 PM
Paid Search and Local Service Ads
How important are Yelp reviews for local SEO and brand reputation?
- Latest: mattstephenskc
- Today at 11:56 AM
Local Reviews
O
LSA calls (ranking?) fluctuate like crazy
- Latest: Omri
- Today at 11:23 AM
Paid Search and Local Service Ads
P
Is it best practice to include the business city in the "Service Area" section?
- Latest: prasadmahes
- Today at 11:20 AM
Google Business Profile (GBP) & Google Maps
GBP request to register AED (Automated External Defibrillator)
- Latest: Shelly
- Today at 9:58 AM
Google Business Profile (GBP) & Google Maps
Attempt to Verify Multi Location Rejection
- Latest: AspiringMapExpert
- Today at 8:14 AM
Consultant's Corner
Email notification for Google Ads - Customer Match violation and suspension
- Latest: JeffClevelandTN
- Yesterday at 8:15 PM
Paid Search and Local Service Ads

Trending: Most Replies

Trending: Most Viewed

P
Spam Fighting? Redressal Form still working?
- Started by Powersupport
- Mar 20, 2024
- Views: 7K
Google Business Profile (GBP) & Google Maps
J
New photo upload interface and file size requirements
- Started by JS Girard
- Mar 25, 2024
- Views: 7K
Google Business Profile (GBP) & Google Maps
Florist ordered to pay $1 million for misleading online star ratings
- Started by Orlando Sydney
- Mar 20, 2024
- Views: 7K
Google Business Profile (GBP) & Google Maps
U
Duplicate LSA Accounts: Competitor Gaming the System with Shared Reviews?
- Started by UniqueTradesMarketer
- Mar 21, 2024
- Views: 7K
Paid Search and Local Service Ads
Best Practice For Removing Duplicate Citations from different office locations?
- Started by Oliver Keates
- Mar 21, 2024
- Views: 7K
Multi-Location Issues

Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

Local Search Pros Facebook

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom