Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability
WordPress websites running the widely used Ninja Forms plugin have been updated automatically to remediate a critical security vulnerability that is suspected of having been actively exploited in the wild.
Ninja Forms is a customizable contact form builder that has over 1 million installations.
According to Wordfence, the bug "made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection."
"This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate chain was present," Chloe Chamberland of Wordfence noted.
Successful exploitation of the flaw could allow an attacker to achieve remote code execution and completely take over a vulnerable WordPress site.
Users of Ninja Forms are advised to ensure that their WordPress sites are updated to run the latest patched version to prevent any possible exploitation attempts in the wild.
News URL
https://thehackernews.com/2022/06/over-million-wordpress-sites-forcibly.html