arrow Products
arrow Products
Glide CMS image Glide CMS image
Glide CMS arrow
The powerful intuitive headless CMS for busy content and editorial teams, bursting with features and sector insight. MACH architecture gives you business freedom.
Glide Go image Glide Go image
Glide Go arrow
Enterprise power at start-up speed. Glide Go is a pre-configured deployment of Glide CMS with hosting and front-end problems solved.
Glide Nexa image Glide Nexa image
Glide Nexa arrow
Audience authentication, entitlements, and preference management in one system designed for publishers and content businesses.
arrow Solutions
For your sector arrow arrow
Media & Entertainment
arrow arrow
Built for any content to thrive, whomever it's for. Get content out faster and do more with it.
Sports & Gaming
arrow arrow
Bring fans closer to their passions and deliver unrivalled audience experiences wherever they are.
Publishing
arrow arrow
Tailored to the unique needs of publishing so you can fully focus on audiences and content success.
For your role arrow arrow
Technology
arrow arrow
Unlock resources and budget with low-code & no-code solutions to do so much more.
Editorial & Content
arrow arrow
Make content of higher quality quicker, and target it with pinpoint accuracy at the right audiences.
Developers
arrow arrow
MACH architecture lets you kickstart development, leveraging vast native functionality and top-tier support.
Commercial & Marketing
arrow arrow
Speedrun ideas into products, accelerate ROI, convert interest, and own the conversation.
arrow Partners
Technology Partners arrow arrow
Explore Glide's world-class technology partners and integrations.
Solution Partners arrow arrow
From data and analytics to SEO and design consultancies, tap into Glide's solution partners and worldwide sector experts.
arrow Resources
Industry Insights arrow arrow
News
arrow arrow
News from inside our world, about Glide Publishing Platform, our customers, and other cool things.
Comment
arrow arrow
Insight and comment about the things which make content and publishing better - or sometimes worse.
Newsletter
arrow arrow
The Content Aware weekly newsletter, with news and comment every Thursday.
Knowledge arrow arrow
Customer Support
arrow arrow
Learn more about the unrivalled customer support from the team at Glide.
Documentation
arrow arrow
User Guides and Technical Documentation for Glide Publishing Platform headless CMS, Glide Go, and Glide Nexa.
Developer Experience
arrow arrow
Learn more about using Glide headless CMS, Glide Go, and Glide Nexa identity management.
Book a demo
Book a demo

Latest WordPress plug-in security issue exposes user data

Major exploits identified in a form building plug-in have potentially exposed users to malicious actors

by Rob Corbidge
Published: 13:27, 31 July 2023

Rob Corbidge is Head of Content Intelligence at Glide Publishing Platform, applying the latest knowledge about advances and ideas in the publishing industry to our own product and helping clients get the most from their content.

Keyboard keys made of eyes by Stable Diffusion

Hundreds of thousands of websites have been affected by the latest WordPress plug-in security issue, with the exposed personal details of site users at the heart of the security headache.

Popular plug-in Ninja Forms, used to create onsite forms and with over 900,000 active installations, was found to have three distinct vulnerabilities in latest version released to customers. The vulnerabilities, according to Patchstack, could result in actors with malicious intent to achieve "privilege escalation" within the affected site's CMS and steal user data.

Users of the plug-in have been urged to update to the latest version of Ninja Forms, which patches the security issue. Precise information about the nature of the exploits was delayed for a number of weeks after they were discovered in order to give admins time to install a secure update from Ninja Forms.

However, as Bleeping Computer have pointed out, many installs of the plug-in remain without such an update, meaning hundreds of thousands of sites and their associated user data are at risk.

Such WordPress plug-in issues almost certainly aren't avoidable, given the number of sites that run on WP globally. There will always be exploits when a system relies on plug-ins and customisation to make it work for the client. 

The consequent, and constant, maintenance cost is either one publishers must accept in order to eliminate risk to their publishing systems, or they must be able to live with a degree of risk, a risk made more complex as each each WordPress install becomes a unique install over time.

 

Latest articles

Watch out OpenAI - the mum's are coming for you
Content Aware media news: July 25, 2024
arrow button
a robot signing a ownership of a piece of content
Content Aware media news: July 18, 2024
arrow button
a birthday cake with "150" written on it
Content Aware media news: July 11, 2024
arrow button

Ready to get started?

No matter where you are on your CMS journey, we're here to help. Want more info or to see Glide Publishing Platform in action? We got you.

Book a demo
Address

8 Orsman Road,


London, N1 5QJ,

United Kingdom.

Linkedin Logo