While plugins are granting great flexibility to WordPress, sometimes they also risk the websites with their security flaws. Last month, we have seen the Jupiter theme and its plugins were critically vulnerable. And now, Ninja Forms, one of the most popular drag and drop form builders is putting websites at risk.

The plugin was force updated

Ninja Forms has pushed a force update for its users to fix the critical vulnerability in its code. The vulnerability exists in 3.0 and later versions of Ninja Forms and it is fixed in the 3.6.11 version, which was the version that was forced. The flaw is a code injection vulnerability that allows attackers completely take over the websites by utilizing several exploitation chains.

Ninja Forms is a very popular plugin that currently has over 1 million installations. While the developers pushed a force update for the plugin, we recommend you to check whether it is up-to-date (3.6.11) or not. If the force update process somehow failed, that means your WordPress website is at great risk. In this case, you should update the plugin manually via the Plugins dashboard on the WordPress administrator interface.