The WordPress plugin ‘Ninja Forms’, which currently has 1 million+ installs, is vulnerable to a CSRF attack. This was identified in CVE-2020-12462.
“The ninja-forms plugin before 220.127.116.11 for WordPress allows CSRF with resultant XSS.” (CVE-2020-12462)
The fix was added on the 28th of April 2020.
“Fixed Cross-Site Request Forgery (CSRF) to stored Cross-Site Scripting (XSS) reported responsibly by Ramuel Gall (Wordfence Threat Intelligence Team).” (Changelog note on the WordPress ninja-forms page)
It is strongly advised to update Ninja Forms to the latest version to mitigate CVE-2020-12462.