Bugs in WordPress Ninja Form Plugin Affects 1+ Million Websites

February 24, 2021

Vulnerabilities found in the Ninja Forms plugin for WordPress, which is installed on over 1 million websites, can lead to a total site takeover if left unpatched.

Wordfence found four vulnerabilities in the Ninja Forms WordPress plugin that could allow attackers to:

  • Redirect site admins to arbitrary locations.
  • Install a plugin that could be used to block all mail traffic.
  • Recover the Ninja Forms OAuth Connection Key used to set up a connection with the Ninja Forms central management dashboard.
  • Trick a site admin into performing an action that could disconnect a site’s OAuth connection.

Together, these vulnerabilities could let attackers take control of a site and perform any number of malicious actions.

Given the seriousness of these vulnerabilities, updating the plugin promptly is recommended. As of February 8, all four are fixed in version 3.4.34.1 of the Ninja Forms plugin.

Ninja Forms is a well-known plugin that lets site owners build contact forms using a simple drag-and-drop interface.

It currently has more than 1 million active installations. If you have a contact form on your site and don’t know which plugin it is built with, it is worth verifying whether you are using Ninja Forms.

Updating the plugin promptly protects your site from all of the vulnerabilities listed above.
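One way to verify whether a site runs Ninja Forms and whether its version predates the fix, as an added example that is not part of the original post or of Ninja Forms itself. It assumes the plugin’s main file lives at wp-content/plugins/ninja-forms/ninja-forms.php (a hypothetical path) and reads the standard WordPress plugin header; note that a four-part version such as 3.4.34.1 must be compared numerically, since a plain string comparison misorders 3.4.34.1 against 3.4.34 and 3.4.35.

```python
import re
from pathlib import Path

FIXED_VERSION = "3.4.34.1"  # version the article states as fixing all four issues
# Assumed location of the plugin's main file relative to wp-content/plugins (hypothetical path)
PLUGIN_MAIN_FILE = "ninja-forms/ninja-forms.php"


def parse_version(header_text):
    """Extract the 'Version:' value from a WordPress plugin header comment block."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def version_tuple(version):
    """Split a dotted version into integers so 3.4.34 < 3.4.34.1 < 3.4.35 compares correctly."""
    return tuple(int(part) for part in version.strip(".").split("."))


def is_vulnerable(installed_version):
    """True when the installed version is older than the fixed release."""
    return version_tuple(installed_version) < version_tuple(FIXED_VERSION)


def check_site(wp_root):
    """Report whether Ninja Forms is installed under wp_root and whether it needs updating."""
    main_file = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return "not installed"
    version = parse_version(main_file.read_text(errors="replace"))
    if version is None:
        return "installed, version unknown"
    status = "UPDATE NEEDED" if is_vulnerable(version) else "patched"
    return f"installed {version}: {status}"


# Constructed sample header in the WordPress plugin-header format (not a real file)
SAMPLE_HEADER = """<?php
/*
Plugin Name: Ninja Forms
Version: 3.4.33
*/
"""

if __name__ == "__main__":
    import sys
    print(check_site(sys.argv[1] if len(sys.argv) > 1 else "."))
```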

The speed at which these vulnerabilities were fixed shows how committed the plugin’s developers are to securing it.

Wordfence reports that it notified the Ninja Forms developers of the vulnerabilities on January 20, and all of them were fixed by February 8.

Vulnerability Exploits – The Third Greatest Threat to WordPress Sites

Vulnerability exploits are a critical danger to WordPress sites. It is important to update your plugins regularly so that you have the latest security patches.

In 2020 there were 4.3 billion attempts to exploit vulnerabilities, coming from over 9.7 million unique IP addresses.

Exploit attempts are so common that every one of the 4 million sites analyzed in the report encountered at least one vulnerability exploit attempt last year.

Adding a firewall to your WordPress site is another way to protect it, since it can block attempts to abuse plugin vulnerabilities even before they have been patched.

When adding a new plugin to your site, it is good practice to check when it was last updated. A plugin that has been updated within the last few weeks or months is a good sign.

Abandoned plugins are a greater danger to websites because they may contain unpatched vulnerabilities.

For additional tips on guarding your site, see: How to Protect a WordPress Site from Hackers.

Stay Away from Pirated Plugins

Avoid pirated versions of paid plugins at all costs, as they are the largest source of danger to WordPress security.

Malware from pirated themes and plugins is the main danger to WordPress websites. More than 17% of all infected websites in 2020 had malware from a pirated plugin or theme.

Until recently it was possible to download pirated plugins from official WordPress repositories; however, as of this week they have been removed.

We at CodeLedge offer Sweden’s best WordPress development services. Our WordPress developers are highly professional and build unique, efficient and lightweight websites for every type of business. Email us at hi@codeledge.net or get a quote here.
