Cyber Security

Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability

WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that’s suspected of having been actively exploited in the wild.

The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in, 3.1.10, 3.2.28,,,, and 3.6.11.


Ninja Forms is a customizable contact form builder that has over 1 million installations.

According to Wordfence, the bug “made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection.”

“This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate [property oriented programming] chain was present,” Chloe Chamberland of Wordfence noted.


Successful exploitation of the flaw could allow an attacker to achieve remote code execution and completely take over a vulnerable WordPress site.

Users of Ninja Forms are advised to ensure that their WordPress sites are updated to run the latest patched version to prevent any possible exploitation attempts in the wild.

Products You May Like

Articles You May Like

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
Jupiter Might Have Eaten Baby Planets To Amass Metals: Scientists 
Gotham Knights Map Size: The ‘Biggest Version’ of Batman’s City in a Game Ever
Teenage Pulsar Reveals Itself to Astronomers, Possibly the Strongest Ever to Be Identified
Noise Expects to Make Its Revenue Double to Rs. 2,000 Crore in Current Fiscal Year

Leave a Reply

Your email address will not be published.