CVE-2026-1307 in kstover Ninja Forms Plugin
Résumé (Anglaise)
The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information.
Responsable
Wordfence
Réserver
21/01/2026
Divulgation
28/03/2026
Entrées
| Publié | Base | Temp | Vulnérabilité | CWE | Prod | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 28/03/2026 | 5.4 | 5.3 | kstover Ninja Forms Plugin bootstrap.php admin_enqueue_scripts divulgation d'information | 200 | WordPress Plugin | Non défini | Non défini | 0.00031 | 2.72 | CVE-2026-1307 |