Threat Post

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks

The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking. Ninja Forms, a WordPress ...
Searchenginejournal.com

Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million

Advisories have been issued regarding vulnerabilities discovered in two of the most popular WordPress contact form plugins, potentially affecting over 1.1 million installations. Users are advised to ...
Bleeping Computer

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over ...
Bleeping Computer

WordPress Ninja Forms plugin flaw lets hackers steal submitted data

Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data. Researchers at Patchstack discovered ...
Searchenginejournal.com

WordPress Contact Form Entries Plugin Vulnerability Affects 70K Websites

A vulnerability advisory was issued for a WordPress plugin that saves contact form submissions. The flaw enables unauthenticated attackers to delete files, launch a denial of service attack, or ...
heise online

WordPress: Schwachstelle in Plugin "Contact Form 7 Style" dauerhaft ungefixt

Die Macher des Sicherheits-Plugins Wordfence für das CMS WordPress haben eine Schwachstelle mit "High"-Einstufung (CVSS-Score 8.8) im Plugin "Contact Form 7 Style" entdeckt. Sie betrifft alle ...
heise online

Angreifer können Wordpress-Websites mit Everest-Forms-Plug-in übernehmen

Davor warnt Wordfence in einem Beitrag. Sie geben an, dass die Lücke (CVE-2025-1128) über ihr Bug-Bounty-Programm gemeldet wurde. An der Schwachstelle sollen entfernte Angreifer ohne Authentifizierung ...