EPSS
Percentile
21.6%
The plugin is affected by a Cross-Site Request Forgery (CSRF) which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository.
http://example.com/wp-admin/admin-ajax.php?action=nf_services_install&plugin;=wpscan&install;_path=wpscan/wpscan.php
wpdeeply.com/ninja-forms-before-3-4-27-1-simple-csrf-to-rce/