WordPress Ninja Forms at risk exposes over a million sites

Sep 29, 2021

WordPress Ninja Forms at risk exposes over a million sites

WordPress ninja forms could expose your site to numerous vulnerabilities. It has affected over one million WordPress installations.

There seems to be nothing wrong with the WordPress REST API itself. The problems reside in how WordPress plugins have designed their interactions with the REST API.

The vulnerabilities originated from the single REST API validation issue related to Permissions Callbacks. The permissions callback is a part of the authentication process that restricts access to REST API Endpoints to authorized users.

The vulnerabilities include:

Sensitive Information Disclosure
Unprotected REST-API to Email Injection

Users of the WordPress Ninja Forms plugin should update their plugin immediately.

Read more at www.searchenginejournal.com

WordPress Ninja Forms at risk exposes over a million sites

X Advances With New ID Confirmation Elements to Combat Bots

Instagram Tests New Reels Display for Multi-Advertiser Ads

Instagram Introduces the Option to Share Feed Posts With 'Close Friends' Only

Instagram To Introduce New Option to Hide Your Like Activity in the App

Recommended For You