Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Graham Cluley

Ninja Forms WordPress plugin, actively exploited in wild, receives forced security update

A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploited in the wild. WordPress has ...
Threat Post

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks

The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking. Ninja Forms, a WordPress ...
ZDNet

Ninja Forms WordPress bug exposed over a million users to XSS attacks, website hijacking

The Ninja Forms WordPress plugin harbored a severe security flaw that could be used for website takeover through the creation of new administrator accounts. Ninja Forms is a drag-and-drop contact form ...
Bleeping Computer

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over ...
TechRadar

Nasty WordPress plugin vulnerabilities puts over a million sites at risk

Two vulnerabilities in the popular Ninja Forms WordPress plugin could’ve enabled threat actors to export sensitive information and send phishing emails from a vulnerable site, report security ...