WordPress Ninja Forms

Last Updated on November 23, 2021 by BrodNeil

Over a Million Websites Are at Risk Due to a WordPress Ninja Forms Vulnerability

Ninja Forms, a popular WordPress contact form, was discovered to have two vulnerabilities that affected over 1 million WordPress installations. This is the latest in a long line of REST API-related flaws that have been uncovered in a variety of WordPress plugins.

Key takeaways:

  • The two vulnerabilities were caused by a single REST API validation flaw found in the Permissions Callbacks.
  • The permissions callback is an element of the authentication process that only allows authorized users access to REST API Endpoints.
  • Sensitive Information Disclosure and Unprotected REST-API to Email Injection are the two vulnerabilities.

Read more: https://www.searchenginejournal.com/wordpress-ninja-forms-vulnerability-exposes-over-a-million-sites/420726/

Leave a Comment

// Active Campaign