WordPress Vulnerabilities Digest - June 2022, Special Edition

Each vulnerability will have a severity rating oflow, medium, high, or critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe.

Due to the size of the active install base of the Ninja Forms plugin, along with the critical nature of the vulnerability, the WordPress core team issued a forced security update last week. Any site running the Ninja Forms plugin needs to make sure their site has been successfully updated to version 3.6.11+ immediately!

WordPress Plugin Vulnerabilities

1. Ninja Forms

PLUGIN Ninja Forms Contact Form The Drag and Drop Form Builder for WordPress INSTALLATIONS 1,000,000+ VULNERABILITY Unauthenticated PHP Object Injection PATCHED IN VERSION 3.6.11 SEVERITY SCORE Critical

The vulnerability has been patched, so you should update to version 3.6.11.

The PoC will be displayed on July 15, 2022, to give users time to update.

If you are under WordPress Managed Maintenance plan - there is nothing to worry about as we've taken the necessary steps to protect your sites. Yay!

The information for this blog post was taken from iThemes Vulnerability Roundup

If you're not under our maintenance plan... well, what are you waiting for? Sign-up today!