Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability

WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that’s suspected of having been actively exploited in the wild.

The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11.

CyberSecurity

Ninja Forms is a customizable contact form builder that has over 1 million installations.

According to Wordfence, the bug “made it possible for unauthenticated…


More Info

About mblog.my

Check Also

WP Engine Achieves Prestigious ISO/IEC 27001:2013 Certification for Enterprise Security for WordPress Sites

WP Engine proves maturity of security program and power of WordPress, meeting international standards for …

Leave a Reply

Your email address will not be published. Required fields are marked *