Last month, on August 3, 2021, two major security flaws were discovered in a word press plugin called Ninja Forms, as a result of which the data of roughly 1,000,000 users become vulnerable to hackers.
A hacker might leverage these flaws to obtain confidential data and send random emails from a susceptible site, which ultimately will cause trouble to innocent people. On August 3, 2021, when ninja forms learned about these flaws they immediately addressed the issue and ensured their users to fix the flaws as soon as possible.
To prevent its users from being a victim of a massive cyberattack ninja form had given a set of firewall norms to the users of the premium version of Wordfence on August 3. The users can immunize themselves against cyber attacks following these norms. Following the concern on September 7, 2021, a modified version of update 3.5.8 was also issued.
Users are required to update to this latest modified version to protect themselves against being hacked. Not only website subscribers but the flaw can also be leveraged to dupe a site admin into inputting their password on a bogus login page and enable a hacker to access the database of the website using the ninja plugin.
This isn’t the first time a security flaw has been discovered in ninja form; a year ago, four security flaws in the WordPress plugin were also discovered, putting the data of several major websites at risk.