how to work with se in the age of AI, what is seontology

shaownhasan
Posts: 534
Joined: Sun Dec 22, 2024 6:26 pm


Post by shaownhasan »


Dangerous Plugins
Let's start with the two reports that concern the Ninja Forms plugin and the Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin. The first plugin is used on about 800 thousand websites, while the second has been installed over 300 thousand times.

It is important to underline that the vulnerabilities are not related to each other but were simply discovered close together in time, also because they are very different vulnerabilities. As far as Ninja Forms is concerned, the vulnerability is a particular form of Cross-Site Scripting: a Reflected Cross-Site Scripting.

It is a vulnerability that can be exploited by a user with malicious intentions, but it needs some preliminary steps; this does not make it less dangerous. The vulnerability, also called Reflected XSS, in fact allows a malicious user who manages to gain access by attaching himself, as a sort of parasite, to a legitimate admin-level user to enter and obviously do whatever he wants with the website, given the privileges that the admin account has.

As we were saying, however, the targeted user, the one who has been identified as the WordPress site admin, must perform certain actions, such as clicking on a link, that allow the illegal activity to start. The vulnerability is currently being evaluated and therefore there is no score that identifies it on the classic 1-to-10 scale also used by Wordfence.

The situation is different for the Fluent Forms contact plugin. Here we know that the vulnerability is classified as 4.2 out of 10, so it is a medium-risk vulnerability, but again no vulnerability should ever be underestimated.

In the case of the Fluent Forms plugin, there is a missing permission that would allow you to modify a potential API at will. However, in order to carry out an attack, the malicious user must obtain a subscriber-level permission.
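As an added illustration that is not part of the post above and is not code from Ninja Forms or Fluent Forms (neither plugin's actual code appears on this page), the following hypothetical WordPress plugin fragment shows the two bug classes the post describes, each beside its fix: an admin page that reflects a query-string parameter without escaping (the Reflected XSS that only fires once an admin clicks a crafted link), and an AJAX/REST handler that changes plugin settings without a capability check, which is what lets a subscriber-level account reach it. All function, action, option, route and capability names are assumptions for the demo.

```php
<?php
/**
 * Hypothetical WordPress plugin fragment (demo only, not Ninja Forms or
 * Fluent Forms code). Option name, action names, route and capability are
 * assumptions chosen for the illustration.
 */

// --- 1. Reflected XSS: attacker-controlled query string echoed into an admin page.

// VULNERABLE: whatever the admin was lured into clicking is echoed raw, so a
// ?msg=<script>...</script> payload runs in the admin's browser session.
function demo_settings_page_vulnerable() {
    $msg = isset( $_GET['msg'] ) ? wp_unslash( $_GET['msg'] ) : '';
    echo '<div class="notice"><p>' . $msg . '</p></div>';
}

// FIXED: sanitize on input and escape on output; the payload is rendered
// as literal text, not as markup.
function demo_settings_page_fixed() {
    $msg = isset( $_GET['msg'] ) ? sanitize_text_field( wp_unslash( $_GET['msg'] ) ) : '';
    echo '<div class="notice"><p>' . esc_html( $msg ) . '</p></div>';
}

// --- 2. Missing authorization: a logged-in subscriber can change plugin settings
//        because the handler never asks who is calling.

// VULNERABLE: wp_ajax_* hooks are reachable by ANY authenticated user, including
// the 'subscriber' role; there is no nonce and no capability check here.
function demo_save_api_key_vulnerable() {
    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'demo_plugin_api_key', $key );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_save_api_key_vulnerable', 'demo_save_api_key_vulnerable' );

// FIXED: CSRF nonce plus an explicit capability check before any state change.
function demo_save_api_key_fixed() {
    check_ajax_referer( 'demo_save_api_key', 'nonce' );   // dies on a bad/missing nonce
    if ( ! current_user_can( 'manage_options' ) ) {        // a subscriber stops here
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    $key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'demo_plugin_api_key', $key );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_save_api_key_fixed', 'demo_save_api_key_fixed' );

// Same idea for a REST route: permission_callback is where authorization belongs.
// Registering it with '__return_true' is the "missing permission" pattern.
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/api-key', array(
        'methods'             => 'POST',
        'callback'            => function ( WP_REST_Request $req ) {
            update_option( 'demo_plugin_api_key', sanitize_text_field( $req->get_param( 'api_key' ) ) );
            return rest_ensure_response( array( 'ok' => true ) );
        },
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'api_key' => array( 'type' => 'string', 'required' => true ),
        ),
    ) );
} );
```

Two points a practitioner would check when reviewing a handler like this: the nonce alone is not authorization, since any logged-in user for whom the nonce was generated (a subscriber included) can present a valid one, so the `current_user_can()` check is the line that actually closes the subscriber-level hole; and for the reflected case, the escaping has to happen at the point of output (`esc_html`, `esc_attr`, `esc_url` depending on context), because sanitizing on input does not by itself make the value safe for HTML.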