CVE-2026-1307 in kstover Ninja Forms Plugin
Resumen (Inglés)
The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information.
Responsable
Wordfence
Reservar
2026-01-21
Divulgación
2026-03-28
Voces
| Fecha de publicación | Base | Temp | Vulnerabilidad | CWE | Prod | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026-03-28 | 5.4 | 5.3 | kstover Ninja Forms Plugin bootstrap.php admin_enqueue_scripts divulgación de información | 200 | WordPress Plugin | No está definido | No está definido | 0.00031 | 0.37 | CVE-2026-1307 |