WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that’s suspected of having been actively exploited in the wild.
The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 188.8.131.52, 3.1.10, 3.2.28, 184.108.40.206, 220.127.116.11, 18.104.22.168, and 3.6.11.
Ninja Forms is a customizable contact form builder that has over 1 million installations.
According to Wordfence, the bug “made it possible for unauthenticated…