The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks.
Ninja Forms is a drag and drop form builder plugin for WordPress builder that allows users to easily create complex forms within just a few minutes.
The WordPress plugin has currently more than 1 million installs, the flaw affects all Ninja Forms versions up to 3.4.24.2.
The issue, rated as a high severity security flaw (CVSS score of 8.8), could be exploited by attackers to inject malicious code and take over websites.