Land rapid7#7365, nonce fix for Ninja Forms exploit

Author: wvu

modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb

@@ -109,7 +109,8 @@ def fetch_ninja_form_nonce
       fail_with(Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}")
     end
 
-    form_wpnonce = res.get_hidden_inputs.first['_wpnonce']
+    form_wpnonce = res.get_hidden_inputs.first
+    form_wpnonce = form_wpnonce['_wpnonce'] if form_wpnonce
 
     nonce = res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce