- Sep 29, 2021
WordPress Ninja Forms vulnerabilities expose over a million sites
The WordPress Ninja Forms plugin could expose your site to numerous vulnerabilities. The issue has affected over one million WordPress installations.
There seems to be nothing wrong with the WordPress REST API itself. The problems reside in how WordPress plugins have designed their interactions with the REST API.
The vulnerabilities originated from a single REST API validation issue related to permissions callbacks. The permissions callback is the part of the authentication process that restricts access to REST API endpoints to authorized users.
The vulnerabilities include:
- Sensitive Information Disclosure
- Unprotected REST-API to Email Injection
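To show what a permissions callback looks like in a plugin, here is an added example (not Ninja Forms code and not from the original article) that registers the same handler twice, once with a callback that admits everyone and once with a capability check. The namespace `example-forms/v1`, the route names and the handler are hypothetical.

```php
<?php
// Added illustration: the namespace "example-forms/v1", the routes and the
// handler are hypothetical and are not taken from Ninja Forms.

add_action( 'rest_api_init', function () {

    // Weak: the callback always returns true, so the REST API serves this
    // route to every caller, including unauthenticated ones.
    register_rest_route( 'example-forms/v1', '/submissions-open', array(
        'methods'             => 'GET',
        'callback'            => 'example_forms_list_submissions',
        'permission_callback' => '__return_true',
    ) );

    // Hardened: the callback checks a capability, not just a login.
    // is_user_logged_in() alone would still admit the lowest-privilege role.
    register_rest_route( 'example-forms/v1', '/submissions', array(
        'methods'             => 'GET',
        'callback'            => 'example_forms_list_submissions',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to read form submissions.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
    ) );
} );

// Placeholder handler: returns constructed sample data.
function example_forms_list_submissions( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        array( 'id' => 1, 'email' => 'user@example.com' ),
    ) );
}
```

When reviewing a plugin, search its source for `register_rest_route` and confirm that every route has a `permission_callback` that checks a capability appropriate to the data the handler returns or changes.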
Users of the WordPress Ninja Forms plugin should update their plugin immediately.
Read more at www.searchenginejournal.com