CVE-2024-39628

Name of the Vulnerable Software and Affected Versions Ninja Forms versions prior to 3.8.7

Description A Cross-Site Request Forgery (CSRF) issue affects the Ninja Forms plugin, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by an attacker to perform actions without the user's knowledge or consent. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 3.8.7, update to version 3.8.7 to resolve the issue. As a temporary workaround, consider implementing additional security measures to mitigate the risk of Cross-Site Request Forgery, such as validating user requests and ensuring that sensitive actions require explicit user confirmation.