Vulnerability Discovered in Ninja Forms < 3.4.24.2
https://nvd.nist.govNinja Forms WordPress plugin has 1 million active installations and can be used to easily create forms in WordPress. In versions prior to 3.4.24.2, there is a vulnerability that allows attackers to launch a Cross-Site Scripting(XSS) attack using Cross-Site Request Forgery(CSRF).
The issue has been fixed in Version 3.4.24.2 which is available now from the WordPress Plugin Repo.