EPSS
Percentile
39.5%
The wp_ajax_nf_oauth_disconnect from the plugin had no nonce protection making it possible for attackers to craft a request to disconnect a site’s OAuth connection.
www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/