Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

Thread starter djbaxter
Start date Apr 30, 2020

More threads by djbaxter

djbaxter

Administrator

Apr 30, 2020

High Severity Vulnerability Patched in Ninja Forms
Wordfence.com
April 30, 2020

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.

We reached out to Ninja Form’s security team according to their Responsible Disclosure Guidelines and they replied within a few hours. The plugin was patched less than 24 hours after our initial contact, on April 28, 2020.

If you use the Ninja Forms plugin, update it immediately.

Read more...

You must log in or register to reply here.

Similar threads

Important WordPress 5.8.3 Security Release

Replies: 0

Views: 3K

Jan 9, 2022

djbaxter

WordPress: Contact Form 7 File Upload Vulnerability

Replies: 0

Views: 5K

Dec 18, 2020

djbaxter

Contact Form 7 Datepicker - High Vulnerability Leads To Plugin Closure

Replies: 1

Views: 4K

Apr 2, 2020

djbaxter

WordPress Sites Targeted in Large-Scale Attacks

Replies: 0

Views: 4K

May 5, 2020

djbaxter

Zero-Day Vulnerability in ThemeREX Addons Plugin

Replies: 0

Views: 2K

Feb 19, 2020

djbaxter

Facebook X (Twitter) Reddit Email Link

Login / Register

Already a member? LOG IN
Not a member yet? REGISTER

Events

Newest Posts

Place ID for SAB
- Latest: keyserholiday
- Yesterday at 4:13 PM
Service Area Businesses
Duplicate?
- Latest: mikepetersonwi
- Yesterday at 12:40 PM
Google Duplicates & Merges
Google continue to reject my "service area business"
- Latest: JoyHawkins
- Yesterday at 8:09 AM
Google Business Profile (GBP) & Google Maps
How many GBP services are too many?
- Latest: ElizabethRule
- Friday at 8:28 PM
Google Business Profile (GBP) & Google Maps
New languages, restrict access, and keep ranking
- Latest: ElizabethRule
- Friday at 8:25 PM
Organic SEO
August 2024 Core Update - Anyone Else Shaking Their Head?
- Latest: Jannell Howell
- Friday at 11:01 AM
Google Algorithm Discussions
GBP edit 'not approved', but seems stuck
- Latest: Jannell Howell
- Friday at 10:50 AM
Google Business Profile (GBP) & Google Maps

Trending: Most Replies

Trending: Most Viewed

New - Photomap in Google Maps
- Started by Marcin Karwowski
- Nov 17, 2024
- Views: 2K
Google Business Profile (GBP) & Google Maps
Fun backlink hack I’ve been using lately
- Started by Invalley
- Nov 21, 2024
- Views: 1K
Organic SEO
Do local SEO agencies handle social media posting for local businesses?
- Started by DB_from_localpanda
- Nov 26, 2024
- Views: 1K
Local Content
Need Assistance with a Duplicate GBP
- Started by Matt Chauhan
- Nov 27, 2024
- Views: 1K
Google Business Profile (GBP) & Google Maps
Facebook Ads Help
- Started by SSMMatt
- Nov 22, 2024
- Views: 1K
Paid Search and Local Service Ads

Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

Share this page

Facebook X (Twitter) Reddit Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom