CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...