There is a new vulnerability in the WordPress plugin Ninja Forms that affects all versions up to 3.6.3. The vulnerability potentially allows SQL injection, so database queries via input fields are conceivable. The plugin provider released version 3.6.4 two days ago.
The Ninja Forms plugin lets you design forms in WordPress sites and has over 1 million active installations. However, the plugin keeps catching my eye with frequent vulnerabilities; as recently as September 22, 2021, Wordfence reported a vulnerability here. Now another vulnerability has been fixed in version 3.6.4, with no real details revealed.
I came across the issue via the above German tweet from heise. Details were published by heise in this German post, and an English-language post is available here. Those who rely on the plugin (I don't use this plugin myself) should update it to version 3.6.4 promptly.