Ninja Forms <= 2.9.42.0 is vulnerable to PHP Object Injection

Unauthenticated

Published
2015-12-25

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.

CVE

https://www.cve.org/CVERecord?id=CVE-2016-1209

CVSS

Score:8.1

Severity:High

Version: 2.9.42.0

There is a patch available in v2.9.42.1 and we strongly recommend you update to this version as soon as possible.