
Critical Vulnerability Patched in Ninja Forms WordPress Plugin <= 3.6.10

Jun 15, 2022

Information recently surfaced on the web about two code injection vulnerabilities that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserializes user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present. We recommend that you update your sites immediately. To avoid website crashes and ensure timely security updates, it is best to use our WordPress Maintenance Service.

WordPress Ninja Forms plugin <= 3.6.10 – Unauthenticated PHP Object Injection vulnerability

An unauthenticated PHP Object Injection vulnerability was discovered in the WordPress Ninja Forms plugin (versions <= 3.6.10). Update the plugin to the latest available version (at least 3.6.11).
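Why unserializing user-supplied content matters only "where a POP chain is present", and how restricting classes defuses it, shown as an added example that is not code from Ninja Forms or from the original advisory. The class TempFileCleaner, both functions and the sample payload are hypothetical and constructed for illustration; typed properties require PHP 7.4 or later.

```php
<?php
// Added illustration. All names are hypothetical; this is not Ninja Forms code.

// Stand-in "gadget": a class already loaded on the site whose magic method
// acts on its own properties. It only records the path it would have touched.
class TempFileCleaner
{
    public static array $touched = [];
    public string $path = '';

    public function __destruct()
    {
        self::$touched[] = $this->path;
    }
}

// Weak pattern: request data goes straight into unserialize(), so the sender
// picks the class to instantiate and the values of its properties.
function load_value_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened pattern: never instantiate classes from untrusted serialized data.
// Objects come back as inert __PHP_Incomplete_Class placeholders.
function load_value_no_objects(string $raw)
{
    return unserialize($raw, ['allowed_classes' => false]);
}

// Constructed sample input: a serialized TempFileCleaner with a chosen path.
$payload = 'O:15:"TempFileCleaner":1:{s:4:"path";s:13:"uploads/a.tmp";}';

$obj = load_value_unsafe($payload);
unset($obj); // last reference dropped, so __destruct() runs on sender-supplied data
echo 'gadget calls after unsafe load: ', count(TempFileCleaner::$touched), PHP_EOL;

$inert = load_value_no_objects($payload);
echo 'class after restricted load: ', get_class($inert), PHP_EOL;
unset($inert); // no TempFileCleaner object existed, so nothing new is recorded
echo 'gadget calls after restricted load: ', count(TempFileCleaner::$touched), PHP_EOL;
```

Restricting allowed_classes limits what a deserialization sink can reach; it does not replace updating the plugin to 3.6.11 or later.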


WordPress Ninja Forms plugin <= 3.6.9 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability

The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Impact on the code: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.


