Update Ninja Forms In WordPress To Avoid Potential Hack

May 15, 2020

Written by wukovits

Are you one of the million-plus website owners making use of Ninja Forms for WordPress? If so, be aware that the company has recently patched a serious security flaw that allowed hackers to inject malicious code and take over websites.

The attack is carried out via a Cross-Site Request Forgery (CSRF) that leads to a Stored Cross-Site Scripting (XSS) attack.

Ninja Forms 3.4.24.2 and all earlier versions are vulnerable.

Wordfence QA Engineer Ram Gall had this to say about the vulnerability:

“Depending on where the JavaScript was placed in the imported form, it could be executed in a victim’s browser whenever they visited a page containing the form, whenever an Administrator visited the plugin’s Import/Export page, or whenever an Administrator attempted to edit any of the form’s fields.

“As is typical with Cross-Site Scripting (XSS) attacks, a malicious script executed in an Administrator’s browser could be used to add new administrative accounts, leading to complete site takeover, while a malicious script executed in a visitor’s browser could be used to redirect that visitor to a malicious site.”

The plugin’s developers took swift action. They were informed of the issue by Wordfence on April 27th, 2020, and issued a patch just five days later. Unfortunately, based on the company’s statistics, the majority of sites making use of Ninja Forms (more than 800,000) are running old versions and are still vulnerable.

Wordfence has rated this security flaw with a CVSS score of 8.8, which makes it a high severity issue. If you use the plugin in any capacity, it’s important that you patch to the latest version as soon as possible to help keep your system secure.
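For anyone looking after more than one WordPress site, the following is an added example (not from the original article or from Ninja Forms) that walks a directory of sites and flags every Ninja Forms install at or below 3.4.24.2, the threshold stated above. It assumes the plugin's main file is at wp-content/plugins/ninja-forms/ninja-forms.php, and it compares versions numerically so that 3.4.9 correctly sorts below 3.4.24.2; the sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

# Threshold taken from the article: 3.4.24.2 and earlier are affected.
LAST_AFFECTED = (3, 4, 24, 2)
# The "Version:" field of the header comment in a plugin's main file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """'3.4.24.2' -> (3, 4, 24, 2); a suffix such as '-beta' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def is_affected(version):
    """True if version <= LAST_AFFECTED, padding so 3.4.24 == 3.4.24.0."""
    v = parse_version(version)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(LAST_AFFECTED)

def audit(root):
    """Return (site_dir, version, status) for each Ninja Forms install under root."""
    findings = []
    pattern = "wp-content/plugins/ninja-forms/ninja-forms.php"  # assumed layout
    for main_file in sorted(Path(root).rglob(pattern)):
        head = main_file.read_text(encoding="utf-8", errors="replace")[:8192]
        match = VERSION_RE.search(head)
        version = match.group(1) if match else None
        if version is None or not parse_version(version):
            status = "unknown"  # header missing or unparseable: check by hand
        else:
            status = "update" if is_affected(version) else "ok"
        findings.append((main_file.parents[3].name, version, status))
    return findings

def make_site(base, name, header):
    """Create a constructed (fake) site tree holding only a plugin header."""
    plugin = Path(base) / name / "wp-content" / "plugins" / "ninja-forms"
    plugin.mkdir(parents=True)
    (plugin / "ninja-forms.php").write_text("<?php\n/*\n" + header + "\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        make_site(base, "site-a", "Plugin Name: Ninja Forms\nVersion: 3.4.24.2")
        make_site(base, "site-b", "Plugin Name: Ninja Forms\nVersion: 3.4.9")
        make_site(base, "site-c", "Plugin Name: Ninja Forms\nVersion: 3.5.1")
        for site, version, status in audit(base):
            print(f"{site}: Ninja Forms {version} -> {status}")
```

Point `audit()` at the directory that holds your site roots; any install reported as "update" should be brought to the latest release.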

Kudos to the sharp-eyed team at Wordfence for spotting the issue, and to the Ninja Forms development team for their fast action in delivering a patch!

Used with permission from Article Aggregator
