From securityaffairs.co
In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability that an unauthenticated attacker can exploit to execute arbitrary code or delete arbitrary files on the websites where a separate POP chain was present.