An extremely popular form builder plugin for WordPress website builder (opens in new tab) with over a million installs is vulnerable to a high severity flaw that could allow threat actors to complete control of the site.

Ninja Forms recently released a new patch, which, when reverse-engineered, included a code injection vulnerability. (opens in new tab) which affected all versions from 3.0 and up.