WordPress · Ninja Forms · CVE-2016-1209
**Name of the Vulnerable Software and Affected Versions**
Ninja Forms plugin versions prior to 2.9.42.1
**Description**
The issue allows remote attackers to conduct PHP object injection attacks. This is achieved by sending crafted serialized values in a POST request.
**Recommendations**
For versions prior to 2.9.42.1, update to version 2.9.42.1 or later to resolve the issue.