WordPress Plug-in Ninja Forms Issues Update for Critical Bug

  /     /     /  
Publicated : 23/11/2024   Category : security


WordPress Plug-in Ninja Forms Issues Update for Critical Bug


The code injection vulnerability is being actively exploited in the wild, researchers say.



A new security update to the Ninja Forms WordPress plug-in — which has more than 1 million active installations — patches a code injection vulnerability researchers say is being actively exploited in the wild. 
The Wordfence team analyzed a recent Ninja Forms update and discovered the patch was for a critical code injection bug that could allow several exploits, including remote code execution (RCE) through deserialization of the content provided by users of the WordPress site form builder. 
Wordfence analysts note
WordPress
has pushed out a forced automatic update for the Ninja Forms plug-in; however, they suggest administrators double check theyre running the latest versions, 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11.
We uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection, the Wordfence research team wrote in its advisory about the
Ninja Forms bug
. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
WordPress Plug-in Ninja Forms Issues Update for Critical Bug