May 5th, 2016

WordPress Plugin ‘Ninja Forms’ Security Vulnerability

FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.

In a blog post on Thursday morning, Wordfence writes:

“Ninja Forms versions 2.9.36 to 2.9.42 contain multiple vulnerabilities. One of the vulnerabilities results in an attacker being able to upload and execute a shell on WordPress sites using Ninja Forms. We have developed a working exploit for internal use at Wordfence. The only information the exploit needs is a URL on the target site that has a form powered by Ninja Forms version 2.9.36 to 2.9.42.”

Users of the paid professional version of Wordfence are already protected from the vulnerability. According to Wordfence, WordPress is now preparing to push a patch to all sites using the plugin that have enabled automatic updates for plugins. Other sites using the plugin are advised to update the plugin immediately.
