A vulnerability was found in kstover Ninja Forms Plugin up to 3.8.22 on WordPress. It has been declared as critical. Affected by this vulnerability is the function
do_shortcode
of the component Shortcode Handler. The manipulation leads to code injection.
This vulnerability is known as CVE-2024-12238. The attack can be launched remotely. There is no exploit available.