Security researchers have found several security holes in the WordPress plugin Ninja Forms. Around one million websites are said to be affected. A patch is already available.
The exploitation of vulnerabilities is one of the three biggest threats to the security of WordPress sites. According to a report by the security researchers at Wordfence, cybercriminals are said to have made 4.3 billion attempts to exploit security gaps in the past year alone. Now the Wordfence experts have publicly disclosed several vulnerabilities in the popular WordPress plugin Ninja Forms.
Patch: Update to Ninja Forms version 3.5.0
According to Wordfence, the security holes were discovered in January and fixed by the manufacturer. A patch was released on February 8th. However, users of the Ninja Forms plugin (WordPress states more than a million active users) have to update to the current, patched version 3.5.0 as soon as possible. Otherwise, Wordfence warns, it would be possible for cybercriminals to take control of the affected site.
Wordfence has identified four vulnerabilities in total, as Search Engine Journal reports. Among other things, these enable attackers to intercept e-mail traffic using a specially installed plugin. This makes it possible, for example, to trigger a password reset for an admin account and intercept the relevant data if the admin user name is known. In addition, by manipulating the OAuth connection of the website concerned, users could be redirected to malicious pages.
Creation of forms for WordPress websites
Ninja Forms is one of the most popular plugins for integrating contact or booking forms into WordPress websites. The plugin makes it easier for users to create forms by using drag & drop as well as ready-made layouts and styles.