The Great GNU/Linux Division
What's Wrong With the Music Modernization Act
The Demise of Google+ and the Case for FOSS
Gael Duval, Father of User Friendly Linux, on Mandrake and /e/ Phone
The Two Solitudes of GNOME and KDE
May 5th, 2016

WordPress Plugin ‘Ninja Forms’ Security Vulnerability

FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.

In a blog post on Thursday morning, Wordfence writes:

Ninja Forms versions 2.9.36 to 2.9.42 contain multiple vulnerabilities. One of the vulnerabilities results in an attacker being able to upload and execute a shell on WordPress sites using Ninja Forms. We have developed a working exploit for internal use at Wordfence. The only information the exploit needs is a URL on the target site that has a form powered by Ninja Forms version 2.9.36 to 2.9.42.

Users of the paid professional version of Wordfence are already protected from the vulnerability. According to Wordfence, WordPress is now preparing to push a patch to all sites using the plugin that have enabled automatic updates for plugins. Other sites using the plugin are advised to update the plugin immediately.

Comments are closed.