Last Updated: 2 months ago by BrodNeil
Over a Million Websites Are at Risk Due to a WordPress Ninja Forms Vulnerability
Ninja Forms, a popular WordPress contact form plugin, was found to have two vulnerabilities affecting over 1 million WordPress installations. This is the latest in a long line of REST API-related flaws uncovered in a variety of WordPress plugins.
Key takeaways:
- The two vulnerabilities were caused by a single REST API validation flaw in the permissions callbacks.
- The permissions callback is the part of the authentication process that restricts REST API endpoints to authorized users.
- The two vulnerabilities are Sensitive Information Disclosure and Unprotected REST-API to Email Injection.
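The permissions callback described in the takeaways above, as an added example that is not Ninja Forms code and not part of the original article: a hypothetical plugin registers the same handler twice, once behind a callback that only checks for a logged-in session and once behind a capability check. The `example-forms/v1` namespace, the routes and the `ef_*` functions are assumptions made for illustration.

```php
<?php
// Added example, not Ninja Forms code. The namespace "example-forms/v1",
// the routes and the ef_* functions are hypothetical.

add_action( 'rest_api_init', function () {
    // WEAK: the callback only confirms the caller is logged in, so any
    // account, including the lowest-privileged role, reaches the handler.
    register_rest_route( 'example-forms/v1', '/submissions-weak', array(
        'methods'             => 'GET',
        'callback'            => 'ef_list_submissions',
        'permission_callback' => 'is_user_logged_in',
    ) );

    // HARDENED: the callback checks a capability that matches the
    // sensitivity of the data the handler returns.
    register_rest_route( 'example-forms/v1', '/submissions', array(
        'methods'             => 'GET',
        'callback'            => 'ef_list_submissions',
        'permission_callback' => 'ef_can_manage_forms',
    ) );
} );

// Permission callback: true lets the request through, a WP_Error stops it
// before the route's handler runs.
function ef_can_manage_forms( WP_REST_Request $request ) {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    // rest_authorization_required_code() yields 401 for anonymous callers
    // and 403 for logged-in users who lack the capability.
    return new WP_Error(
        'rest_forbidden',
        'You are not allowed to read form submissions.',
        array( 'status' => rest_authorization_required_code() )
    );
}

// Handler shared by both routes. The array is constructed sample data
// standing in for stored form submissions.
function ef_list_submissions( WP_REST_Request $request ) {
    return rest_ensure_response( array(
        array( 'id' => 1, 'email' => 'user@example.com' ),
    ) );
}
```

When reviewing a plugin, compare each route's `permission_callback` against what its handler reads or sends; a callback that returns true for every logged-in user protects nothing on sites with open registration.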