Advertisement
Top
image credit: Pixabay

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

July 31, 2023

Via: The Hacker News
Category:

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.

The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites.

A brief description of each of the vulnerabilities is below –

  • CVE-2023-37979 (CVSS score: 7.1) – A POST-based reflected cross-site scripting (XSS) flaw that could allow any unauthenticated user to achieve privilege escalation on a target WordPress site by tricking privileged users to visit a specially crafted website.

Read More on The Hacker News

RELATED PUBLICATIONS

AI set to play key role in future phishing attacks
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
Report: Russian Hackers Targeting Ukrainian Soldiers on Apps

Latest Publications

Sweden’s liquor supply severely impacted by ransomware attack on logistics company
Autodesk Drive Abused in Phishing Attacks 
Google fixed critical Chrome vulnerability CVE-2024-4058
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!