Vulnerabilities Found in WordPress Contact Form Plugins
Two of the most popular WordPress contact form plugins, Ninja Forms and Fluent Forms, have been found to contain security vulnerabilities that could affect over 1.1 million websites.
Ninja Forms Vulnerability
Ninja Forms is vulnerable to a reflected cross-site scripting (XSS) attack. This means that an attacker could trick an administrator into clicking a malicious link, potentially gaining unauthorized access to the website.
Fluent Forms Vulnerability
Fluent Forms has a missing capability check that could allow unauthorized users to modify the Mailchimp API key used for integration. This vulnerability could lead to data leaks or other security issues.
Recommended Action
Users of both plugins are strongly advised to update to the latest versions immediately. The latest version of Ninja Forms is 3.8.14, and the latest version of Fluent Forms is 5.2.0.
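One way to run that check across a site's plugin directory, as an added example that is not from the original article or from either plugin project. It assumes the plugin directory slugs are `ninja-forms` and `fluentform`, and it treats the two versions named above as the minimum acceptable versions.

```python
import re
from pathlib import Path

# Versions named in the article, treated here as minimum acceptable versions (assumption).
# The directory slugs under wp-content/plugins are also assumptions.
MIN_VERSIONS = {"ninja-forms": "3.8.14", "fluentform": "5.2.0"}
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)


def version_key(version):
    """'3.8.14' -> (3, 8, 14): numeric compare, so 3.8.9 < 3.8.14 and 5.2 == 5.2.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def installed_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if absent."""
    for php_file in sorted(Path(plugin_dir).glob("*.php")):
        head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
        match = HEADER_VERSION.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return None


def audit(plugins_root):
    """Map each slug to (installed version or None, status string)."""
    report = {}
    for slug, minimum in MIN_VERSIONS.items():
        found = installed_version(Path(plugins_root) / slug)
        if found is None:
            status = "not installed"
        elif version_key(found) < version_key(minimum):
            status = "update required"
        else:
            status = "ok"
        report[slug] = (found, status)
    return report


def build_sample_tree(root, versions):
    """Constructed sample data: a fake plugins directory with minimal headers."""
    for slug, version in versions.items():
        (Path(root) / slug).mkdir(parents=True)
        header = f"<?php\n/*\n * Plugin Name: {slug}\n * Version: {version}\n */\n"
        (Path(root) / slug / f"{slug}.php").write_text(header, encoding="utf-8")
```

Call `audit()` with the path to a site's `wp-content/plugins` directory. Versions are compared numerically because a plain string comparison would rank 3.8.9 above 3.8.14.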
Security Experts’ Analysis
According to security experts at Wordfence, the Fluent Forms vulnerability could allow attackers to redirect integration requests to a server controlled by the attacker. This could potentially lead to data theft or other malicious activities.
Protect Your Website
By updating to the latest versions of these plugins, you can help protect your website from these vulnerabilities and reduce the risk of a security breach.