{"id":21875,"date":"2021-10-27T09:39:24","date_gmt":"2021-10-27T07:39:24","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21875"},"modified":"2022-06-01T01:21:05","modified_gmt":"2022-05-31T23:21:05","slug":"wordpress-sicherheitslcke-in-ninja-forms-plugin","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/10\/27\/wordpress-sicherheitslcke-in-ninja-forms-plugin\/","title":{"rendered":"WordPress: Vulnerability in Ninja Forms Plugin"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2014\/07\/wp_thumb.jpg\" width=\"64\" align=\"left\" height=\"64\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/10\/27\/wordpress-sicherheitslcke-in-ninja-forms-plugin\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]There is a new vulnerability in the WordPress plugin Ninja Forms that affects all versions up to 3.6.3. The vulnerability potentially allows SQL injection, so database queries via input fields are conceivable. The plugin provider released version 3.6.4 two days ago.<\/p>\n<p><!--more--><\/p>\n<p>The Ninja Forms plugin lets users design forms for WordPress sites and has over 1 million active installations. However, the plugin catches my eye with frequent vulnerabilities; as recently as September 22, 2021, WordFence had reported a vulnerability here. Now another vulnerability has been fixed with version 3.6.4, with no real details revealed. <\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i.imgur.com\/CyT0CUe.png\"><\/p>\n<p>I came across the issue via the above German <a href=\"https:\/\/twitter.com\/heisec\/status\/1453033955234623496\" target=\"_blank\" rel=\"noopener\">tweet<\/a> from the site heise. 
Details were published by heise in <a href=\"https:\/\/www.heise.de\/news\/WordPress-Erneute-Sicherheitsluecke-im-Plugin-Ninja-Forms-6229249.html\" target=\"_blank\" rel=\"noopener\">this German post<\/a>; an English-language post is also available here. Those who rely on the plugin (I don't use this plugin myself) should update it to version 3.6.4 promptly. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]There is a new vulnerability in the WordPress plugin Ninja Forms that affects all versions up to 3.6.3. The vulnerability potentially allows SQL injection, so database queries via input fields are conceivable. The plugin provider released &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/10\/27\/wordpress-sicherheitslcke-in-ninja-forms-plugin\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,359],"class_list":["post-21875","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21875"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21875\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.
com\/win\/wp-json\/wp\/v2\/categories?post=21875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}