CVE-2021-24889

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks > MITRE Terms of Use apply – see LICENSE‑MITRE.txt