Hello,

At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the ninja-forms plugin.

The propunchdev on radiate2 is running version 3.2.4.
The fifthgearaz on radiate2 is running version 3.4.16.
The desertviestage on radiate2 is running version 3.7.3.
The deserttroon on radiate2 is running version 3.6.11.
The deserttroonstg on radiate2 is running version 3.6.11.
The dirtdoctorsstg on radiate2 is running version 3.6.29.
The torreon on radiate2 is running version 3.8.16.
The torreoncomstg on radiate2 is running version 3.8.16.
The scorpionbayaz on radiate2 is running version 3.8.17.
The scorpionbaystg on radiate2 is running version 3.8.17.

WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

Resources providing further information on this vulnerability:

https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-24-authenticated-contributor-stored-cross-site-scripting-via-shortcode-vulnerability?_a_id=473

To secure your site, please upgrade to the latest version of this plugin.

We always suggest making a backup before making any changes. You can learn how to do this in this article: https://wpengine.com/support/restore/.

Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager: https://my.wpengine.com/products/smart_plugin_manager to your plan today!

Finally, feel free to reach out to our Support team if you need assistance with backing up or updating your website!

Thanks,
-WP Engine Security Team