Well hello there, you are an inquisitive one aren’t you? Looking for some information on where we are perhaps?

PO Box 99, Balgowlah
NSW, 2093
(+61)  (0)2 8097 7957
hello@wpdsydney.com.au

WordPress Development Sydney

Critical Vulnerability in Ninja Forms Plugin

ninjaRecently it has been discovered that there is a critical vulnerability in the popular Ninja Forms plugin for WordPress.

The vulnerability affects versions 2.9.36 to 2.9.42 and is one of a number of vulnerabilities discovered. You are advised to update the plugin as soon as possible due to the severity of the primary vulnerability.

The primary vulnerability allows an attacker to upload and execute a shell on WordPress, all that is required is a URL on the target site containing a Ninja Form. This is about as severe as a vulnerability can get allowing attackers full control over the file system and the ability to upload malicious code. It is very unusual an exploit this bad is available in such a well known plugin believed to be in use on over 500,000 websites.

If you are running Ninja Forms in the versions outlined above we would advise immediately updating the plugin and also running a full system scan to ensure your site has not been compromised.

WordPress have also released a forced plugin update (due to the severity of the issue) which is starting to show on sites around the web.

Although this is not a plugin we personally use on our sites it still highlights the need to be vigilant in maintaining backups and keeping WordPress core and plugins up to date to ensure your site is kept secure.

If you need help updating your site or you have been compromised and need help recovering your site please do not hesitate to give us a no obligation call for a chat.

Got a Question, Want a FREE Audit or Quote?
Contact Us!