14 Days Free Trial
Advertisement
  1. SEJ
  2.  » 
  3. News

WordPress: Bugs Detected in Ninja Forms Plugin, 1M Sites Affected

Four major bugs in the Ninja Forms plugin for WordPress have been detected. Immediate update is recommended.

WordPress: Bugs Detected in Ninja Forms Plugin, 1M Sites Affected
Advertisement

Exploits detected in the Ninja Forms plugin for WordPress, installed on over a million sites, can lead to a complete site takeover if not patched.

Wordfence detected a total of four vulnerabilities in the Ninja Forms WordPress plugin that could allow attackers to:

  • Redirect site administrators to random locations.
  • Install a plugin that could be used to intercept all mail traffic.
  • Retrieve the Ninja Form OAuth Connection Key used to establish a connection with the Ninja Forms central management dashboard.
  • Trick a site administrators into performing an action that could disconnect a site’s OAuth Connection.

Those vulnerabilities could lead to attackers taking control of a site and performing any number of malicious actions.

Due to the severity of the exploits, an immediate update of the plugin is recommended. As of February 8 all vulnerabilities are patched in version 3.4.34.1 of the Ninja Forms plugin.

Ninja Forms is a popular plugin that allows site owners to build contact forms using an uncomplicated drag and drop interface.

It currently has over 1 million active installations. If you have a contact form on your site, and you’re not sure which plugin it’s built with, it’s worth checking to see if you’re using Ninja Forms.

A quick update of the plugin will protect your site from all the above listed vulnerabilities.

The speed at which these vulnerabilities were patched shows how committed the plugin’s developers are to keeping it safe.

Wordfence reports it made the Ninja Forms developers aware of the vulnerabilities on January 20, and they were all patched by February 8.

Vulnerability Exploits – The 3rd Greatest Threat to WordPress Sites

Vulnerability exploits are a significant threat to WordPress sites. It’s important to update your plugins regularly so you have the latest security patches.

Advertisement
Continue Reading Below

A report published last month lists vulnerability exploits as third among the top 3 threats to WordPress sites.

In total there were 4.3 billion attempts to exploit vulnerabilities from over 9.7 million unique IP addresses in 2020.

It’s such a common attack that out of 4 million sites analyzed in the report, every one of them experienced at least one vulnerability exploit attempt last year.

Adding a firewall to your WordPress site is another way to keep it safe, as it can prevent attackers from abusing plugin vulnerabilities even if they haven’t been patched yet.

Advertisement
Continue Reading Below

When adding a new plugin to your site it’s a good practice to check when it was last updated. It’s a good sign when plugins have been updated within recent weeks or months.

Abandoned plugins are a greater threat to sites because they may contain unpatched vulnerabilities.

For more tips on keeping your site safe, see: How to Protect a WordPress Site from Hackers.

Avoid Pirated Plugins

Avoid using pirated versions of paid plugins at all costs, as they’re the source of most widespread threat to WordPress security.

Malware from pirated themes and plugins is the number one threat to WordPress sites. Over 17% of all infected sites in 2020 had malware from a pirated plugin or theme.

Until recently it was possible to download pirated plugins from official WordPress repositories, but as of this week they have been removed.

Advertisement
Continue Reading Below

Source: Wordfence

ADVERTISEMENT

Subscribe to SEJ

Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!

Topic(s) of Interest*
Ebook

Matt Southern

Lead News Writer at Search Engine Journal

Matt Southern has been the lead news writer at Search Engine Journal since 2013. With a degree in communications, Matt ... [Read full bio]

ADVERTISEMENT
Advertisement
Read the Next Article
Read the Next