Get a Pentest and security assessment of your IT network.

News

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

Vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-site Scripting (Stored XSS) attacks. Attackers can exploit this vulnerability by tricking WordPress admins into clicking specially crafted links that inject malicious JavaScript code as part of a newly-imported contact form. The vulnerability was discovered and reported responsibly to Ninja Forms’ developer Saturday Drive by Wordfence on April 27 and a security fix for the issue was published with version 3.4.24.2 within less than a day after the initial disclosure report.

Source: https://www.bleepingcomputer.com/news/security/ninja-forms-wordpress-plugin-patch-prevents-takeover-of-1m-sites/

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Vulnerabilities In Alibaba threatens security of million users

News

Russian cybercriminal Roman Seleznev gets another prison sentence