The WordFence Threat Intelligence team has identified vulnerabilities in Ninja Forms. This plugin is used to create online forms in over a million WordPress websites.
Ninja Forms is very popular as it uses a drag and drop interface to simplify the creation of forms. It also offers a comprehensive array of functionality including:
- Conditional logic
- Multistep forms
- File Uploads
- Generates a PDF of the submission
- Interfaces with Zapier
- Export submissions to Excel
- Accept payments from a range of payment systems
- Integration with a range of eMail and CRM systems
- User Analytics and Management
- and much more
Saturday Drive, the plugin’s parent company immediately responded with an updated version, 126.96.36.199, which should be updated on any site using Ninja Forms immediately, to aoivd the risk of hackers taking advantage of your site via this exploit.