In the Depths of the Cloud, Open Source and Proprietary Leviathans Fight to the Death
Jono Bacon Asked Google Home ‘Who Founded Linux?’ You Won’t Believe What Happened Next!
Red Hat's Women in Open Source Award Winners, 2017
Imagine an Android Phone Without Linux Inside
Linus Torvalds Talks to Debian Users
Mozilla Relents, Thunderbird Can Stay
Heed the Prophet Stallman, oh Software Sinners!
May 5th, 2016

WordPress Plugin ‘Ninja Forms’ Security Vulnerability

FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.

In a blog post on Thursday morning, Wordfence writes:

Ninja Forms versions 2.9.36 to 2.9.42 contain multiple vulnerabilities. One of the vulnerabilities results in an attacker being able to upload and execute a shell on WordPress sites using Ninja Forms. We have developed a working exploit for internal use at Wordfence. The only information the exploit needs is a URL on the target site that has a form powered by Ninja Forms version 2.9.36 to 2.9.42.

Users of the paid professional version of Wordfence are already protected from the vulnerability. According to Wordfence, WordPress is now preparing to push a patch to all sites using the plugin that have enabled automatic updates for plugins. Other sites using the plugin are advised to update the plugin immediately.

Comments are closed.