Description
WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently preview un-published forms by injecting arbitrary shortcodes. WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress version 3.0.30 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.31 or latest
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.37)
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (3.5)
WordPress 3.4 Multiple Vulnerabilities (3.4 - 3.4)
WordPress 4.7.x Possible SQL Injection Vulnerability (4.7 - 4.7.6)