Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/09/28 2:41 a.m.9 views

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS5.2AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2025/09/27 3:15 a.m.9 views

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS0.00151EPSS
Exploits0References3
OSV
OSV
added 2025/09/27 3:15 a.m.5 views

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS5.6AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/27 2:25 a.m.4 views

CVE-2025-10499 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...

4.3CVSS4.9AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2025/09/27 2:25 a.m.23 views

CVE-2025-10499

CVE-2025-10499 : The WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You (up to version 3.12.0) is vulnerable to a Cross‑Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the maybe_opt_in() function. This allows unauthenticated attackers to trigger e...

4.3CVSS4.9AI score0.00151EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/09/27 12:0 a.m.7 views

WordPress plugin Ninja Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.4AI score0.00151EPSS
Exploits0References4
Rows per page
Query Builder