Over a Million Websites Are at Risk Due to a WordPress Ninja Forms Vulnerability
Ninja Forms, a popular WordPress contact form, was discovered to have two vulnerabilities that affected over 1 million WordPress installations. This is the latest in a long line of REST API-related flaws that have been uncovered in a variety of WordPress plugins.
Key takeaways:
- The two vulnerabilities were caused by a single REST API validation flaw found in the Permissions Callbacks.
- The permissions callback is an element of the authentication process that only allows authorized users access to REST API Endpoints.
- Sensitive Information Disclosure and Unprotected REST-API to Email Injection are the two vulnerabilities.