Donweb MediaMay 3

Ninja Forms: falla crítica expone 50.000 sitios

CVE-2026-0740 en Ninja Forms File Upload permite ejecución remota sin credenciales. 50.000 sitios afectados. Actualizá a 3.3.27 ahora y revisá si ya fui...

https://seguridadenwordpress.com/ninja-forms-vulnerabilidad-cve-2026-0740-file-upload/

#ninjaforms #cve20260740 #fileuploadrce #wordpressseguridad #ejecuciónremota

Ninja Forms: falla crítica expone 50.000 sitios - Seguridad en Wordpress

Falla crítica CVSS 9.8 en Ninja Forms File Upload 3.3.26 permite a atacantes subir PHP sin autenticarse. Hay explotación activa. La versión 3.3.27 corrige el problema.

Seguridad en Wordpress
Donweb MediaApr 17

Alerta: Vulnerabilidad crítica en Ninja Forms

Actualmente explotan vulnerabilidad crítica en Ninja Forms. Más de 50,000 sitios WordPress afectados. Actualiza el plugin a versión 3.3.27 inmediatamente.

https://donweb.news/vulnerabilidad-ninja-forms-wordpress/

#wordpress #seguridad #ninjaforms #vulnerabilidad #plugin

Alerta: Vulnerabilidad crítica en Ninja Forms - DonWeb News

Atacantes están explotando una vulnerabilidad crítica en Ninja Forms. Más de 50,000 sitios WordPress están en riesgo. Actualiza inmediatamente a versión 3.3.27.

DonWeb News
Analyst207Apr 9

Ninja Forms Flaw Exposes WordPress Sites to Code Execution Risk

A critical vulnerability in the popular Ninja Forms plugin has been discovered, allowing hackers to upload and execute malicious code on WordPress sites without needing login credentials. If you're using Ninja Forms, update to version 3.3.27 immediately to protect your site from remote code execution attacks.

https://osintsights.com/ninja-forms-flaw-exposes-wordpress-sites-to-code-execution-risk?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #Wordpress #NinjaForms #Vulnerability #ArbitraryFileUpload

Ninja Forms Flaw Exposes WordPress Sites to Code Execution Risk

Update Ninja Forms now to prevent code execution risk. Learn how to secure your WordPress site from critical vulnerability in popular form builder plugin.

OSINTSights
The New OilApr 8

Hackers exploit critical flaw in #NinjaForms #WordPress plugin

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/

#cybersecurity

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.

BleepingComputer
Analyst207Apr 7

Hackers Exploit Flaw in Ninja Forms WordPress Plugin

A critical vulnerability in the Ninja Forms File Uploads premium WordPress plugin allows hackers to upload malicious files and execute code on your server - putting your entire site at risk. This flaw lets unauthenticated users wreak havoc, making it essential to take immediate action to protect your online presence.

https://osintsights.com/hackers-exploit-flaw-in-ninja-forms-wordpress-plugin

#Wordpress #NinjaForms #FileUploads #RemoteCodeExecution #Vulnerability

Hackers Exploit Flaw in Ninja Forms WordPress Plugin

Hackers exploit Ninja Forms WordPress plugin flaw to upload malicious files. Learn how to protect your site now and prevent remote code execution attacks effectively today.

OSINTSights
Mark JonesNov 2, 2023

The Ninja Forms element is broken in Visual Composer and displays as "Ninja Forms plugin not installed" on the page instead of the form.

To fix simply replace the VC Ninja Forms element with a regular Wordpress shortcode one

Now off to fix several client sites effected by this

#Wordpress #NinjaForms #VisualComposer

Marcel SIneM(S)USAug 1, 2023
Sicherheitsupdate: #WordPress-Websites mit Plug-in #NinjaForms attackierbar | Security https://www.heise.de/news/Sicherheitsupdate-WordPress-Websites-mit-Ninja-Forms-Plug-in-attackierbar-9230884.html #WordPressPlugin #Patchday
Sicherheitsupdate: WordPress-Websites mit Plug-in Ninja Forms attackierbar

Angreifer könnten über eine Sicherheitslücke im Ninja-Forms-Plug-in auf eigentlich geschützte WordPress-Daten zugreifen.

heise online
Marusti WebDesignJul 31, 2023
Three flaws in #NinjaForms plugin for #WordPress impact 900K sites #WordPressSecurity #Security #cybersecurity https://securityaffairs.com/148993/security/ninja-forms-plugin-flaws.html
Three flaws in Ninja Forms plugin for WordPress impact 900K sites

Experts warn of vulnerabilities impacting the Ninja Forms plugin for WordPress that could be exploited for escalating privileges and data theft. The Ninja Forms plugin for WordPress is affected by multiple vulnerabilities (tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393) that can be exploited by threat actors to escalate privileges and steal sensitive data. The WordPress plugin Ninja […]

Security Affairs
Marusti WebDesignJul 31, 2023
Sicherheitsupdate: #WordPress-Websites mit Plug-in #NinjaForms attackierbar | #Security https://www.heise.de/news/Sicherheitsupdate-WordPress-Websites-mit-Ninja-Forms-Plug-in-attackierbar-9230884.html #cybersecurity
Sicherheitsupdate: WordPress-Websites mit Plug-in Ninja Forms attackierbar

Angreifer könnten über eine Sicherheitslücke im Ninja-Forms-Plug-in auf eigentlich geschützte WordPress-Daten zugreifen.

heise online
FreemindJul 31, 2023

Three critical vulnerabilities have been discovered in this popular plugin, which could have serious consequences for users and website owners.

#cybersecurity #vulnerabilities #ninjaforms

https://cybersec84.wordpress.com/2023/07/31/ninja-forms-plugin-security-vulnerabilities-put-800000-sites-at-risk/

Ninja Forms Plugin Security Vulnerabilities Put 800,000 Sites at Risk

One of the most popular content management systems in the world, WordPress, is packed with a plethora of plugins and tools that extend its capabilities and functionality. Among these, one of the be…

CyberSec84