WordFence Discloses Severe Vulnerabilities Affecting NinjaForms WordPress Plugin

Feb 20, 2021 | Blog, Website Security, WordPress

On January 20, WordFence privately disclosed four serious security vulnerabilities to the developers of Ninja Forms, a popular WordPress plugin used by over 1 million websites. One of these vulnerabilities is rated a 9.9 on the Common Vulnerability Scoring System. A rating of 10 is the most severe score possible on this rating system.

Fortunately, Ninja Forms is maintained by a responsible, dedicated team, and patches for all four vulnerabilities were released by February 8. However, it is now up to WordPress website owners who use this plugin to make sure their websites are patched. 

In a blog post from several years ago, we described a couple of important things all website owners should do to keep their websites secure. One of those tips is to regularly keep CMS software updated.

How to Update Your WordPress Website – Including Plugins like Ninja Forms

WordPress makes software updates easy. That said, we always recommend taking a full backup before making any changes, including installing updates. Most of the time, the update will work fine. However, if something does break, you need to be able to restore quickly from a good backup.

Once you do have a good backup, the first thing you need to do is to head over to your administrator dashboard. In most cases, that will be at example.com/wp-admin (change example.com to your own URL, of course).

Once you’ve logged in, click on Updates in the left sidebar. From there, just click on the checkbox beside the plugins you want to update, then click the Update Plugins button. Or better yet, click the box beside Select All, to install all of the plugin updates at once!

Note that you’ll probably have to update the WordPress core software separately from your plugins. Both updates are available from the same Updates page, so make sure you apply both.

We try to update our own customer websites 4-6 times per year on average. That is a reasonable interval between updates, and we wouldn’t recommend waiting much longer than this to apply updates to your website. However, we do pay close attention to WordPress security vulnerabilities, and will apply critical updates as quickly as possible.

Need help with your WordPress website?
Barred Owl Web provides Managed WordPress web hosting services. We’ll keep your website updated, and we’ll fix it if it ever gets hacked. Head on over to our services page to find out more and get started.
