Four vulnerabilities were recently disclosed in Ninja Forms, a WordPress plugin used by over a million sites. These vulnerabilities could allow attackers to capture email and release sensitive information from the website, redirect site administrators, establish a Ninja Forms OAuth connection, and disconnect a Ninja Forms OAuth connection.
These flaws have been fully patched in version 188.8.131.52. We recommend that users immediately update to the latest version available, which is version 3.5.0 at the time of this post.
Details of the possible vulnerabilities:
- The first flaw made it possible for attackers to redirect site administrators to arbitrary locations.
- The second flaw made it possible for attackers with subscriber level access or above to install a plugin that could be used to intercept all mail traffic.
- The third flaw made it possible for attackers with subscriber level access to retrieve the Ninja Forms OAuth Connection Key that could be used to establish a connection with the Ninja Forms central management dashboard.
- The final flaw made it possible for attackers to disconnect a site’s OAuth Connection if they could trick a site’s administrator into performing an action.
These flaws could be used to take over a WordPress site and redirect site owners to malicious sites. Wordfence has published a detailed description of these exposures. Read it here.
We highly recommend passing this advisory on to friends or colleagues who use this plugin on their websites. This should help them keep their sites protected, as these are considered critical severity issues that can result in remote code execution.