If you are using the Ninja Forms plugin, the latest update rolled out by WordPress is important for you.
The CMS has forced the update of more than a million sites that use a plugin victim of a critical security flaw. And it has already been actively exploited…
Vulnerable Ninja Forms WordPress Plugin
The plugin in question is Ninja Forms, which allows you to create custom contact forms. The vulnerability gets a CVSS score of 9.8/10. Exploited, it allows hackers to execute arbitrary code or delete files on certain sites.
According to Wordfence, WordPress’ cybersecurity team, the security flaw makes it possible for unauthenticated attackers to inject malicious code through Ninja Forms. This can thus lead to the complete takeover of the vulnerable site.
The owners of a site under WordPress do not in principle have to perform any manipulation to protect themselves from this security flaw. The update has been rolled out automatically, and you can now continue using Ninja Forms.