djbaxter

High Severity Vulnerability Patched in Ninja Forms
Wordfence.com
April 30, 2020

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.

We reached out to Ninja Forms’ security team according to their Responsible Disclosure Guidelines and they replied within a few hours. The plugin was patched less than 24 hours after our initial contact, on April 28, 2020.
If you use the Ninja Forms plugin, update it immediately.
