Get a Pentest and security assessment of your IT network.

Cyber Security

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

Vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-site Scripting (Stored XSS) attacks. Attackers can exploit this vulnerability by tricking WordPress admins into clicking specially crafted links that inject malicious JavaScript code as part of a newly-imported contact form. The vulnerability was discovered and reported responsibly to Ninja Forms’ developer Saturday Drive by Wordfence on April 27 and a security fix for the issue was published with version 3.4.24.2 within less than a day after the initial disclosure report.

Source: https://www.bleepingcomputer.com/news/security/ninja-forms-wordpress-plugin-patch-prevents-takeover-of-1m-sites/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation