Critical Vulnerability in Ninja Forms Plugin
A critical vulnerability has recently been discovered in the popular Ninja Forms plugin for WordPress.
The vulnerability affects versions 2.9.36 to 2.9.42 and is one of a number of vulnerabilities discovered. You are advised to update the plugin as soon as possible due to the severity of the primary vulnerability.
The primary vulnerability allows an attacker to upload and execute a shell on WordPress; all that is required is a URL on the target site containing a Ninja Form. This is about as severe as a vulnerability can get, allowing attackers full control over the file system and the ability to upload malicious code. It is very unusual for an exploit this bad to be available in such a well-known plugin, believed to be in use on over 500,000 websites.
If you are running Ninja Forms in one of the versions outlined above, we advise immediately updating the plugin and also running a full system scan to ensure your site has not been compromised.
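To find out which installs on a server fall in the affected range, the following script reads each copy's version and reports it. It is an added example, not code from the plugin or from WordPress; it assumes the plugin's main file is at wp-content/plugins/ninja-forms/ninja-forms.php with the standard "Version:" header, and the function names are hypothetical. It only checks the version and does not replace the full system scan.

```shell
#!/bin/sh
# Added example: flag Ninja Forms installs in the 2.9.36-2.9.42 range.
# Assumptions: plugin main file is wp-content/plugins/ninja-forms/ninja-forms.php
# and it carries the standard WordPress "Version:" header line.

# Print the version from the plugin header, or nothing if it is missing.
nf_version() {
    sed -n 's|^[^A-Za-z]*Version:[[:space:]]*\([0-9][0-9.]*\).*|\1|p' "$1" 2>/dev/null |
        head -n 1
}

# Turn "2.9.40" into 2009040 so versions compare as integers.
# A fourth component is ignored, which errs towards flagging.
ver_key() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Succeed when the version lies in the range the advisory gives.
nf_is_affected() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key 2.9.36)" ] && [ "$k" -le "$(ver_key 2.9.42)" ]
}

# Walk a directory tree (e.g. a shared-hosting docroot parent) and report
# every Ninja Forms copy found, one line per install.
nf_scan() {
    find "$1" -type f -path '*/wp-content/plugins/ninja-forms/ninja-forms.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(nf_version "$f")
        if [ -z "$v" ]; then
            echo "UNKNOWN $f"
        elif nf_is_affected "$v"; then
            echo "AFFECTED $v $f"
        else
            echo "ok $v $f"
        fi
    done
}

# Usage: sh nf-check.sh /var/www   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    nf_scan "$1"
fi
```

Any install reported as AFFECTED should be updated and then scanned; an UNKNOWN line means the header could not be read and the copy needs checking by hand.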
WordPress have also released a forced plugin update (due to the severity of the issue) which is starting to show on sites around the web.
Although this is not a plugin we personally use on our sites, it still highlights the need to be vigilant in maintaining backups and keeping WordPress core and plugins up to date to ensure your site is kept secure.
If you need help updating your site, or you have been compromised and need help recovering your site, please do not hesitate to give us a no-obligation call for a chat.