CVE-2025-10498

CVE-2025-10498 affects Ninja Forms for WordPress (

CVE-2025-10498 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...

CVE-2025-10498 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated...

CVE-2025-10499

CVE-2025-10499 : The WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You (up to version 3.12.0) is vulnerable to a Cross‑Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the maybe_opt_in() function. This allows unauthenticated attackers to trigger e...

CVE-2025-10499 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

CVE-2025-10499 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

WordPress plugin Ninja Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin Ninja Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

PT-2025-39706

Name of the Vulnerable Software and Affected Versions Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions prior to 3.12.1 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate or missing nonce validati...

PT-2025-39705

Name of the Vulnerable Software and Affected Versions Ninja Forms – The Contact Form Builder That Grows With You versions prior to 3.12.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to inadequate nonce validation when exporting CSV files. This allows...

PT-2025-39716

Name of the Vulnerable Software and Affected Versions cForms – Light speed fast Form Builder plugin for WordPress versions through 3.0.0 Description The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the cforms api function. This allows...

WordPress Ninja Forms plugin <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion vulnerability

Cross-Site Request Forgery to Limited File Deletion vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Ninja Forms versions = 3.12.0...

WordPress Ninja Forms plugin <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Ninja Forms versions = 3.12.0...

WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Najib Sinjari in WordPress Plugin Everest Forms versions = 3.4.1...

WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions = 2.0.5...

WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability

Open Redirection Vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms HubSpot versions = 1.2.5...

CVE-2025-60166

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...

CVE-2025-60166

Technical details for CVE-2025-60166 are not provided in the supplied documents. The initial description notes a Missing Authorization vulnerability in WP Subscription Forms PRO

CVE-2025-60166 WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...

CVE-2025-60166 WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...