From securityaffairs.co
![Ninja Forms](https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/04/Ninja-Forms-plugin.jpg?resize=923%2C409&ssl=1)
In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability that an unauthenticated attacker can exploit to execute arbitrary code or delete arbitrary files on the websites where a separate POP chain was present.