Your sub-head is misleading. While the plugin is installed on over 1 million sites, those sites were not infected. The team at @wordfence responsibly disclosed the vulnerability that was quickly patched by @ninjaforms so that users can update and protect themselves.
-
-
Hi, Just clarifying, we never metioned that it is "automatic", neither are we underestimating CSRF vulnerabilities. We're just saying that with this exploit, complete takeover of the target wordpress website is possible, as was mentioned in Wordfence article as well.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.