Vigil@nce - WordPress Ninja Forms: privilege escalation
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use WordPress Ninja Forms, in order to delete a
form.
– Impacted products: WordPress Plugins
– Severity: 2/4
– Creation date: 10/09/2014
DESCRIPTION OF THE VULNERABILITY
The Ninja Forms plugin can be installed on WordPress.
However, access permissions are not always checked.
An attacker can therefore use WordPress Ninja Forms, in order to
delete a form.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Ninja-Forms-privilege-escalation-15318