{"id":1275,"date":"2016-08-17T23:18:24","date_gmt":"2016-08-17T21:18:24","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=1275"},"modified":"2016-08-17T23:18:24","modified_gmt":"2016-08-17T21:18:24","slug":"sql-injection-vulnerability-in-ninja-forms","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2016\/08\/17\/sql-injection-vulnerability-in-ninja-forms\/","title":{"rendered":"SQL Injection Vulnerability in Ninja Forms"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">Security firm Sucuri has informed me that the WordPress Ninja Forms plugin has a critical SQL Injection Vulnerability.<\/p>\n<p><!--more--><\/p>\n<p>The vulnerability has been found during regular research audits for the <a href=\"http:\/\/t.hsms06.com\/e1t\/c\/*VvjYtW4yHfjZW96WP6s8x003X0\/*W56P_Lb90cHJ1W3cx7sQ77Fs960\/5\/f18dQhb0Sjv78XJ8K-W7G8LHJ4mQf6dN7gbCcHfmMlFW3hHh8k2P7_nXVcnTGj98PSXhW6256hC4s2wsTW8p7z-y5C9gvgW3Tm8C18nWdkZW999f656PVKcrW6N3nBL8xGZLZW6203Qc2ybScZW25FVD37_djc7W2xrqD-56QhMXW96zRPS6bT6L3W8RzZSQ96LgbNW5DQqTK57mlYfW69NG1w6Pr5qtW51vDG64MW8X3W4r1Pm71nq9stW18dKPT1VJrykW5lX8fq13bD4hW6dklYD9dhBXjW5lkYJg52rksXW1FpfyD5MhLMsW7HzH202SwkZhW5NlhhH2fmRPVW7q6MGc4cXfNXV6W3-K4QSQC9W850yfP54lBjKW1gR-Xx57jhsLN2RR8Bm701ybMpmlfn6_d9gV7vvht7Ky2g2W8nDXSj396ZPNN22TNxn9Mb5mW471MMh8n13kBN1P4JzDdP94GW1mGQdp2LdjVlN3FVc8GBbCPxW4yrSpN72zJjwW81NcnX4bjC_3W3D31f38swXJVW1NwBMj1MKd9tf5NzQ1j11\" target=\"_blank\">Sucuri Firewall<\/a>. 
Sucuri researchers discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, <a href=\"http:\/\/t.hsms06.com\/e1t\/c\/*VvjYtW4yHfjZW96WP6s8x003X0\/*W1XHpN53m5l3HW6tTVQD2qYpfN0\/5\/f18dQhb0SbTM8YHtdnW7G8LHJ4mQf6dN7gbCcHfmMlFW3hHhb52P7_nXVcnTGj992jrcW1vYC6_7dcRtwW2yZ4gN25MbwVW4sgwpV5CR5j_W6QQLmh6PytH2W61SSZm7mG7sDW51vX4y6GT493W4s2zdt2JcGqXW1n8BxP25NB-NW7cwQjk7dDxTNW7mWsnX7dz8FNW1nY85c1nbj7VW3WdxCq6Pkt_VW62_rW_6P4lCXW3Wdpf07nwG0kW6bnMRg4MG1XlW6b-vF067h1zcMQC5z2PC2cVW8yMsNg5Dk3twV8YqhG6SqTQPW5y-g7r29zQXnW1p1nfF26LycNW4YxQdm6LK2rGW5F35WM3Q1f-mW4rpCfY3k0QvxW3P0Wft6Nbf8kW5FVGJF2vK6sfW3L24qC3M1X5gW5r9MbG3Lyfd2W1lSDg64Rj6NhW6BkmL86t_HvdW8Ph58-59BvjYW2PzLwk7psnLPW859Z8W5bWRGsV10Nbd5x6QY6W3TgYwn2kHvzzW2vKvSS6B7QK7W3pZkvd1C5Gh8W5Clvgm7MY67TN3wLfM41MgRyf8xqN5z03\" target=\"_blank\">currently installed on 600,000+ websites<\/a>.<\/p>\n<p>The attack vector used to exploit this vulnerability requires the attacker to have an account on the victim's site. It doesn't matter what the account privileges are \u2013 for example, a subscriber could exploit this issue. The issue occurs because the plugin doesn't escape parameters provided by its shortcodes before concatenating them to an SQL query. <\/p>\n<p>A malicious individual using this bug could (among other things) leak the site's usernames and hashed passwords. In certain configurations, it can also leak WordPress secret keys. The patched version 2.9.55.2 of the Ninja Forms plugin closes the vulnerability. 
Further details may be found <a href=\"https:\/\/blog.sucuri.net\/2016\/08\/sql-injection-vulnerability-ninja-forms.html?utm_campaign=Vulnerability+Alerts&amp;utm_source=hs_automation&amp;utm_medium=email&amp;utm_content=33060344&amp;_hsenc=p2ANqtz-9emEG2M4d8cSpWB5JUvhVaySnsZmvPOpnvNCagIofUmeg6Sa3eyJEGc8SH5_PcLTsIfkim6v09VYIn86xiLHr6kmMpyg&amp;_hsmi=33060344\" target=\"_blank\">in the Sucuri blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security firm Sucuri has informed me that the WordPress Ninja Forms plugin has a critical SQL Injection Vulnerability.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71],"tags":[69,359],"class_list":["post-1275","post","type-post","status-publish","format-standard","hentry","category-computer","tag-security","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/1275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=1275"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/1275\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=1275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=1275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=1275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}