Description
WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder version 3.4.24.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.24.2 or latest
References
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-ninja-forms/
https://plugins.svn.wordpress.org/ninja-forms/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Essential Content Types Security Bypass (1.4)
Oracle Application Server CVE-2010-0067 Vulnerability (CVE-2010-0067)
WordPress Plugin SendinBlue Subscribe Form And WP SMTP Multiple Unspecified Vulnerabilities (2.7.3)
WordPress Plugin Editorial Calendar Multiple Vulnerabilities (2.6)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-16890)