730K WordPress sites force-updated to patch critical plugin bug

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild.

The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up.

Wordfence threat analyst Ramuel Gall discovered when reverse-engineering the patch that unauthenticated attackers can exploit this bug remotely to call various Ninja forms classes using a flaw in the Merge Tags feature.

Successful…


More Info

About mblog.my

Check Also

Morphii Pro and Pro+ for WordPress Plugin Upgrades Now Available

Morphii Pro and Pro+ Plugin “Moprhii makes the feedback experience a little more fun and …

Leave a Reply

Your email address will not be published. Required fields are marked *