October 1, 2022
Ninja Forms WordPress Plugin Permissions Access Exploited

Update this Vulnerable WordPress Plugin Right Now or Risk Serious Compromise

WordPress plugin Ninja Forms contained a security flaw that would allow anyone who logged in with super-admin powers, but it’s been fixed…

WordPress plugin Ninja Forms, installed on over one million sites, just received an important security update. Prior to the new version, the previous build contained a susceptible code that would allow any user who logged in to control the site entirely or gave them super-administrative permissions. In other words, any user logged in could easily perform a bulk submission export to any and all information submitted on one of the site’s forms.

Ninja Forms WordPress Plugin Permissions Access Exploited

Wordfence, the maker of a security plugin, discovered and reported the flaw to WordPress, and Ninja Forms has since been updated to fix the problem. So, any site that’s running needs to update to the most recent build. Wordfence explained:

“This vulnerability could easily be used to create a phishing campaign that could trick unsuspecting users into performing unwanted actions by abusing the trust in the domain that was used to send the email.”

Owen E. Richason IV

Covers social media, apps, search, and similar news. History buff, movie, and theme park lover. Blessed dad and husband.     

View all posts by Owen E. Richason IV →