New Delhi, January 1, 2025-A critical WPForms vulnerability risks data breaches and revenue loss. CERT-In urges users to update immediately to prevent potential exploitation.
CERT-In has issued a high-severity alert for a critical vulnerability in the WPForms WordPress plugin, affecting versions 1.8.4 through 1.9.2.1.
This flaw, tracked as CVE-2024-11205, enables attackers to exploit a missing authorization check in the wpforms_is_admin_page function, allowing unauthorized actions such as refunding payments or canceling subscriptions.
Thousands of websites reliant on WPForms, a plugin used widely for creating professional-grade forms, are now at risk. A cybersecurity expert Samiksha Jain warns:
This vulnerability has far-reaching implications for businesses, particularly those dependent on recurring revenue. Attackers could disrupt services, compromise sensitive data, and cause severe financial damage.
WPForms’ immense popularity makes it a lucrative target for cybercriminals. From small businesses to large enterprises, websites utilizing this plugin for feedback forms, payments, and polls are urged to act swiftly.
Immediate Fix:
Updating to WPForms version 9.1.2.2 or later patches the vulnerability. CERT-In recommends administrators follow these steps immediately:
- Log into the WordPress dashboard.
- Navigate to the Plugins section and locate WPForms.
- Update the plugin and verify its version.
Proactive Measures:
CERT-In also advises limiting user permissions, enabling two-factor authentication, and maintaining regular backups to minimize risks.
The WPForms exploit is reminiscent of previous vulnerabilities like the Critical PAN-OS vulnerability, emphasizing the ongoing challenges of plugin security.
Other News At VPNRanks
- Indian Telcos Hit New High: Prepaid ARPU Surpasses Rs 150!
- IBM Launches GenAI Hub in Kochi to Spark AI Revolution!
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!
