CVE-2026-2268

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

CVE-2026-2268

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

CVE-2026-2268

The CVE-2026-2268 entry concerns Ninja Forms for WordPress (

WordPress plugin Ninja Forms 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-49271

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-49271

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-49271 WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-49271 WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-49271

CVE-2025-49271 describes an issue in GravityWP – Merge Tags where improper handling of filenames in PHP Include/Require statements enables PHP Local File Inclusion. Affected versions are GravityWP – Merge Tags up to and including 1.4.4. The weakness could allow an attacker to access local files v...

PT-2025-33197 · WordPress · Gravitywp - Merge Tags

Name of the Vulnerable Software and Affected Versions: GravityWP - Merge Tags versions through 1.4.4 Description: A flaw exists in the handling of filenames within the Include/Require statement in PHP programs, specifically in GravityWP - Merge Tags. This issue allows for PHP Local File Inclusion...

WordPress plugin GravityWP - Merge Tags 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

WordPress GravityWP - Merge Tags = 1.4.4 - Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin GravityWP - Merge Tags versions = 1.4.4...