CVE-2026-1307 in kstover Ninja Forms Plugin
摘要 (英语)
The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information.
负责
Wordfence
预定
2026-01-21
披露
2026-03-28
条目
| 标识符 | 漏洞 | CWE | 基础 | 临时 | 0day | 今天 | 可利用 | KEV | EPSS | CTI | 对策 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354071 | kstover Ninja Forms Plugin bootstrap.php admin_enqueue_scripts 信息公开 | 200 | 5.4 | 5.3 | $0-$5k | $0-$5k | 未定义 | 0.00031 | 0.18 | 未定义 | CVE-2026-1307 |