A critical vulnerability in the WordPress plugin used on more than a million websites has been patched up after evidence emerged that hackers were exploiting it in attacks.
WordPress has released an automatic update to the popular Ninja Forms plugin after security researchers from WordFence warned that the vulnerability “could allow attackers to execute arbitrary code or delete arbitrary files on sites.”
In short, an attacker without authentication could take advantage of a security flaw in the Ninja Forms WordPress plugin to run the code of their choice and gain complete control over the vulnerable website.
That’s why WordPress has launched a forced update of WordPress websites that use vulnerable versions of the add-on.
This forced update of the plugin surprised some website ownersbecause it happened without prior notice.
According to WordFence, the bug is completely patched in versions 18.104.22.168, 3.1.10, 3.2.28, 22.214.171.124, 126.96.36.199, 188.8.131.52 and 3.6.11.
Source: Informacija.rs by www.informacija.rs.
*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!