CVE-2026-1307 in kstover Ninja Forms Plugininformação

Sumário (Inglês)

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information.

Responsável

Wordfence

Reservar

21/01/2026

Divulgação

28/03/2026

Inscrições

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidade	CWE	Exp	Con	CVE
354071	kstover Ninja Forms Plugin bootstrap.php admin_enqueue_scripts Divulgação de Informação	200	Não definido	Não definido	CVE-2026-1307

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

◂ VoltarVisão GeralPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!