• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Plugins/NinjaForms WordPress plugin, actively exploited in wild, receives forced security update • Graham Cluley

NinjaForms WordPress plugin, actively exploited in wild, receives forced security update • Graham Cluley

NinjaForms WordPress plugin, actively exploited in wild, receives forced security update

A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploited in the wild.

WordPress has pushed out a forced automatic update to the widely-used Ninja Forms plugin after security researchers.

According to an analysis by experts at WordFence, the vulnerability “could allow attackers to execute arbitrary code or delete arbitrary files on sites.”

Sign up to our newsletter
Security news, advice, and tips.

In short, an unauthenticated attacker could exploit the security hole in the Ninja Forms WordPress plugin to run code of their own choice, and gain complete control over a vulnerable website.

Nasty. And clearly WordPress thought so, as it appears to have initiated a forced update to third-party WordPress-powered websites running vulnerable versions of the plugin.

That forced update to the plugin took some website owners by surprise, as it occurred without any prior communication:

Website administrators who view the Ninja Forms changelog may not initially recognise quite how serious things the vulnerability was:

3.6.11 (14 June 2022)

Security Enhancements
* Apply more strict sanitization to merge tag values

If you run the Ninja Forms plugin on your WordPress website, make sure that you are running the latest version. According to Wordfence, the flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.



Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Source link

Written by:
Abdul Wahid
Published on:
June 17, 2022

Categories: Plugins

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (28)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Potential with WordPress: Tips, Tools, and Strategies

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: Tips, Tools, and Strategies

Unlock Your Internet Marketing Potential: Harnessing the Power of WordPress

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential: Harnessing the Power of WordPress

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter