SQL Injection Vulnerability in Ninja Forms
If you are running Ninja forms, check your version immediately. The experts at Sucuri run regular audits on their Sucuri Firewall and discovered a major vulnerability in Ninja Forms in versions 220.127.116.11 and earlier. If you are running one of these versions, make sure you update to the patched version of 18.104.22.168.
The vulnerability can be exploited by any registered user, even at a subscriber role. If you allow user registration and run Ninja Forms, take extra note of this vulnerability and update immediately. The vulnerability comes from a $meta_value variable concatenated to an SQL query without being escaped first. As we have mentioned in previous posts (XSS, What is it and should I be concerned?) this can be a huge vulnerability.
This particular function can be exploited through a shortcode that contains a list of parameters in their raw unescaped value. Sucuri showed an example on their blog [ninja_forms_display_sub_number id=”123′ SQL INJECTION OCCURS HERE”] of how easy it was to exploit. The reason this is such a big vulnerability is because this can be performed by any registered user even with the role of a subscriber as mentioned earlier.
If you would like to take a more in-depth look at this vulnerability take it from the experts at Sucuri Sucuri – Ninja Forms SQL Injection
If you have a WordPress website, we can help keep your site protected. To learn more about the WordPress Security & Maintenance Services that Red Technologies provides, visit What We Do or give us a call at 612-310-7972.
Disclaimer: We are not certified security experts. We are giving a high-level overview of web security so that you can be more informed about some of the most common security vulnerabilities to look out for when developing or finding a developer. We will also be sharing some resources to help you continue your research on web security.