Ninja Forms WordPress plugin patch prevents takeover of 1M sites

The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over websites using an unpatched version of the plugin.

The vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-Site Scripting (Stored XSS) attacks and it affects all Ninja Forms versions up to 3.4.24.2.

Attackers can exploit this Ninja Forms bug by tricking WordPress admins into clicking specially crafted links that inject malicious JavaScript code as part of a…


More Info

About mblog.my

Check Also

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Using WordPress blocks and the Site Editor to quickly build a lookalike of one of …