Lucene search
K

949 matches found

NVD
NVD
added 2025/12/17 7:15 a.m.7 views

CVE-2025-11924

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/17 6:42 a.m.32 views

CVE-2025-11924 Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS0.00364EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/17 6:42 a.m.9 views

EUVD-2025-203882

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS5.5AI score0.00364EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 6:42 a.m.3 views

CVE-2025-11924 Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS5.6AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2025/12/17 6:42 a.m.18 views

CVE-2025-11924

The CVE-2025-11924 entry concerns Ninja Forms – The Contact Form Builder That Grows With You for WordPress (versions up to and including 3.13.2). Affected component: the ninja-forms-views REST endpoints. Root cause: insufficient authorization checks allow an unauthenticated attacker to read arbit...

7.5CVSS5.6AI score0.00364EPSS
In wildExploits0References2Affected Software1
Patchstack
Patchstack
added 2025/12/17 5:42 a.m.5 views

WordPress Ninja Forms plugin <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability discovered by WordFence in WordPress Plugin Ninja Forms versions = 3.13.2...

7.5CVSS6.7AI score0.00364EPSS
Exploits0References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/12/17 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-11924

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...

7.5CVSS5.9AI score0.00364EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51815

Name of the Vulnerable Software and Affected Versions Ninja Forms – The Contact Form Builder That Grows With You versions up to and including 3.13.2 Description The Ninja Forms plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. The plugin does not adequately verify...

7.5CVSS6.1AI score0.00364EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.7AI score0.00364EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.3 views

CVE-2025-67468

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

4.3CVSS7AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:13 p.m.14 views

CVE-2025-67468

CVE-2025-67468 affects WordPress: the WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin (cf7-salesforce) with versions up to and including 1.4.6. The issue is a Missing Authorization / Broken Access Control vulnerability allowing exploitat...

4.3CVSS6.6AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49884

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

4.3CVSS7AI score0.00204EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.7 views

WordPress plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

4.3CVSS6.3AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/23 9:40 a.m.13 views

CVE-2025-13136

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.9AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/22 9:31 a.m.7 views

EUVD-2025-198533

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.5AI score0.00178EPSS
Exploits0References3
NVD
NVD
added 2025/11/22 9:15 a.m.10 views

CVE-2025-13136

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00178EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/22 8:30 a.m.4 views

CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.6AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2025/11/22 8:30 a.m.13 views

CVE-2025-13136

CVE-2025-13136 affects the WordPress plugin GSheetConnector For Ninja Forms (

4.3CVSS4.6AI score0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/22 8:30 a.m.13 views

CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00178EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/22 12:3 a.m.8 views

WordPress GSheetConnector For Ninja Forms plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ System Information Exposure vulnerability discovered by Bhayanak Atma in WordPress Plugin Ninja Forms Google Sheet Connector versions = 2.0.1...

4.3CVSS6.9AI score0.00178EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder