Let's get back to talking about very popular plugins and themes and the dangerous vulnerabilities that have been found w

Posted: Sun Jan 12, 2025 4:14 am
by shaownhasane
Finally, it is important to remember that SEO is not written in stone and that therefore you need to be resilient and able to solve new problems in new ways, or to look at issues already addressed from different points of view. Artificial intelligence can learn, but (and it will have happened to you at least once) sometimes it is quicker to do things yourself than to wait for others to learn.

The reports come once again from the Wordfence database and in total concern over one million and 600 thousand users, including users of vulnerable plugins and those who downloaded the themes at risk.

Dangerous Plugins
Let's start with the two reports that concern the Ninja Forms plugin and the Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin. The first plugin is spread across about 800 thousand websites, while the second has been installed over 300 thousand times.

It is important to underline that the vulnerabilities are not related to each other but were simply discovered close together in time, also because they are very different vulnerabilities. As far as Ninja Forms is concerned, the vulnerability is a particular form of Cross-Site Scripting: a Reflected Cross-Site Scripting.

It is a vulnerability that, to be exploited by a user with malicious intentions, needs some preliminary steps, but this does not make it less dangerous. The vulnerability, also called Reflected XSS, in fact allows a malicious user who manages to gain access by attaching himself, as a sort of parasite, to a legitimate admin-level user to enter and obviously be able to do what he wants with the website, given the privileges that the admin account has.

As we were saying, however, the user who has been targeted, the one who has been identified as the WordPress site admin, must perform certain actions, such as clicking on a link that allows the illegal activity to start. The vulnerability is currently being evaluated and therefore there is no score that identifies it on the classic 1-to-10 scale also used by Wordfence.