Ninja Forms Plugin – Security Alert!

SUCURI, a leading WordPress security company, has announced the discovery of an SQL injection vulnerability in the popular Ninja Forms plugin.

The Ninja Forms plugin is installed on over 600,000 WordPress websites. SUCURI has given the vulnerability a risk rating of Dangerous, and sites running the plugin should be updated to version 2.9.55.2 (or later), which fixes it.

The exploit requires the attacker to have an account on the WordPress website. The privilege level doesn’t matter, meaning even a Subscriber could exploit this vulnerability.

An attacker using this bug could acquire the site’s usernames and hashed passwords, the WordPress secret keys, and other data.

You can read more about the Ninja Forms plugin exploit on the SUCURI blog.
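To check which sites still need the update, the following added example (not code from SUCURI or the Ninja Forms project) reads the plugin's `Version:` header and compares it numerically with 2.9.55.2. It assumes the default `wp-content/plugins/ninja-forms` layout and a standard plugin header, and it flags everything below 2.9.55.2 because the advisory names only the fixed release; the sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "2.9.55.2"  # first fixed release named in the advisory
# Assumption: default WordPress layout and the plugin slug "ninja-forms".
PLUGIN_SUBDIR = Path("wp-content/plugins/ninja-forms")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def parse_version(text):
    """'2.9.55.2' -> (2, 9, 55, 2); a non-numeric suffix is ignored."""
    numeric = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(n) for n in numeric.group().split(".")) if numeric else ()

def needs_update(installed, fixed=FIXED_VERSION):
    """Numeric comparison; comparing the strings would rank 2.9.6 above 2.9.55.2."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def installed_version(plugin_dir):
    """Version header of the plugin's main file, or None if it is not installed."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return None

def audit(wp_roots):
    """Map each site root that has Ninja Forms to (version, needs_update)."""
    report = {}
    for root in wp_roots:
        version = installed_version(Path(root) / PLUGIN_SUBDIR)
        if version is not None:
            report[str(root)] = (version, needs_update(version))
    return report

def demo():
    """Run audit() over constructed sample sites (fake trees, header only)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, version in {"old": "2.9.6", "fixed": "2.9.55.2"}.items():
            plugin = Path(tmp) / name / PLUGIN_SUBDIR
            plugin.mkdir(parents=True)
            (plugin / "ninja-forms.php").write_text(
                f"<?php\n/*\nPlugin Name: Ninja Forms\nVersion: {version}\n*/\n")
        return {Path(k).name: v for k, v in audit(Path(tmp).iterdir()).items()}

if __name__ == "__main__":
    print(demo())
```

For real use, pass `audit()` the WordPress root directories on the server instead of calling `demo()`.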


At Current Media Group we take security very seriously. With our Managed WordPress Hosting, we make sure that our clients’ websites are backed up daily and protected with multiple firewalls throughout our enterprise-grade infrastructure. Our real-time security threat detection, security audits, and code reviews help to keep clients’ sites safe. Should a website become compromised, we will immediately take action to find the exploit, remove the malicious code, and have the site back up and running in no time.