Description
WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress is prone to multiple vulnerabilities, including cross-site request forgery, open redirect and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application, to redirect users to arbitrary web sites and conduct phishing attacks, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress version 3.4.33 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.34 or latest