Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

Thread starter djbaxter
Start date Apr 30, 2020

More threads by djbaxter

djbaxter

Administrator

Apr 30, 2020

High Severity Vulnerability Patched in Ninja Forms
Wordfence.com
April 30, 2020

On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms, a WordPress plugin with over 1 million installations. This vulnerability could allow an attacker to trick an administrator into importing a contact form containing malicious JavaScript and replace any existing contact form with the malicious version.

We reached out to Ninja Form’s security team according to their Responsible Disclosure Guidelines and they replied within a few hours. The plugin was patched less than 24 hours after our initial contact, on April 28, 2020.

If you use the Ninja Forms plugin, update it immediately.

Read more...

You must log in or register to reply here.

Similar threads

Important WordPress 5.8.3 Security Release

Replies: 0

Views: 4K

Jan 9, 2022

djbaxter

WordPress: Contact Form 7 File Upload Vulnerability

Replies: 0

Views: 6K

Dec 18, 2020

djbaxter

Contact Form 7 Datepicker - High Vulnerability Leads To Plugin Closure

Replies: 1

Views: 5K

Apr 2, 2020

djbaxter

WordPress Sites Targeted in Large-Scale Attacks

Replies: 0

Views: 5K

May 5, 2020

djbaxter

Zero-Day Vulnerability in ThemeREX Addons Plugin

Replies: 0

Views: 3K

Feb 19, 2020

djbaxter

Facebook X Bluesky LinkedIn Reddit Email Link

Login / Register

Already a member? LOG IN
Not a member yet? REGISTER

Events

Newest Posts

It appears that Google has removed more reviews this past week.
- Latest: keyserholiday
- Yesterday at 9:59 PM
Local Reviews
[Question] Why this specific Local branded term brings up the weather forecast?
- Latest: LightOfHeaven
- Yesterday at 5:38 PM
Local Search
Time-of-day swings in Local Falcon SoLV (morning boost, noon drop) — what’s causing it and how do you normalize?
- Latest: fisicx
- Yesterday at 11:23 AM
Local Search
Using ChatGPT for Google Business Profiles and citation building?
- Latest: fisicx
- Friday at 2:30 PM
Citations
Title Tag Devalued to Zero? Here's An Odd One
- Latest: codyecp
- Friday at 2:25 PM
Organic SEO
Trying to take video for verification, but each time I try to start the video it takes me back to the initial verification page
- Latest: codyecp
- Friday at 2:18 PM
Help & Support for Google Local
Company Book Online Link to Site
- Latest: luischavez0104
- Friday at 1:03 PM
Google Business Profile (GBP) & Google Maps

Share this page

Facebook X Bluesky LinkedIn Reddit Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Back

Top Bottom

Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

djbaxter

Administrator

Similar threads

Login / Register

Events

Newest Posts

Trending content

Share this page