Ramuel Gall of Wordfence discovered a Cross-Site Request Forgery(CSRF) plugin vulnerability within the Ninja Forms WordPress plugin. By exploiting the CSRF vulnerability, an attacker could inject arbitrary malicious JavaScript via the import contact feature. This vulnerability was reportedly fixed in version 3.4.24.2.