Table of Contents
Major Bugs in Ninja Forms
Attention Ninja Forms Plugin WordPress Users Wordfence major Security Company dealing with WordPress Security have detected 4 major bugs in Ninja Forms plugin for WordPress. An immediate Plugin update is recommended.
Ninja Forms is one of the very famous WordPress Form Plugins that allows site owners to build contact forms using an easy drag and drop interface. Ninja Forms is installed on over a million sites. This bug may lead to a complete site hack if not gets patched with the latest update.
These four vulnerabilities reported in the plugin may impact by the below methods to attackers.
- It may redirect site administrators to any unknown location leads to loss of access to your dashboards.
- They can install another plugin that to intercept all mail traffic.
- Attackers can retrieve Ninja Form OAuth Connection Key used and establish a connection with the Ninja Forms central management dashboard.
- Attackers can trick site administrators into performing an action that may lead disconnect a site’s OAuth Connection.
Overall these vulnerabilities may lead to attackers taking control of your WordPress site and may perform any malicious activities from your WordPress Website.
The severity of the exploits is too high, immediate update of the plugin is recommended. All vulnerabilities are patched in version 3.4.34.1 of the Ninja Forms plugin.
If you are not sure you are using Ninja Form it is worth login into your WordPress Dashboard and go to install plugins and see if it is installed or not.
A priority update of the plugin to the latest version can protect your site from all the above-listed vulnerabilities. Developers of plugins are intended to keep it safe by providing patches to these mentioned vulnerabilities reported.
Wordfence reported this issue to Ninja Forms Developers on January 20 and they have provided the path to overcome by February 8.
Conclusion
1. It is always recommended to keep updating all your plugins with the latest updates and be ahead to protect your WordPress Website safe.
2. Never ever use Pirated Plugins.
3. Don’t allow hackers to play with your WordPress installations.
4. DO NOT forget to update Ninja Forms immediately if you are using them.
5. Always use plugins from the WordPress repository only. It has a huge database of plugins to fulfill requirements.
6. It is always recommended to set auto updates utilizing the latest WordPress features for plugins and even themes.
7.WordPress also has released New Version 5.6.2. Below are the main features of WordPress. Version 5.6.2 has addressed 5 bugs. For more information, see the release notes for more details.