SQL Injection Vulnerability in Ninja Forms Fixed
Recently we detected a SQL Injection vulnerability in Ninja Forms, which is one of the most popular WordPress plugins. However, the issue was quickly resolved and you are still safe with us.
For the past few days this has been a very hot topic among the WordPress community. In a nutshell – the vulnerability enables hackers to execute SQL queries in order to easily gain access to the website’s database. The vulnerability is due to the fact that the plugin does not properly validate input user data which enables executing the SQL Injection in the database.
This allows any registered WordPress user to breach into the system regardless of the access level.
But fixing this vulnerability is already a feature of our Security system. Just in case, we recommend that you upgrade the plugin to the last version available.