Primary

Context

Ninja Forms WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure has been identified in the Ninja Forms WordPress plugin, specifically in versions through 3.14.1. The issue arises from a callback function in blocks/bootstrap.php that handles the admin_enqueue_scripts action. This vulnerability enables authenticated attackers with Contributor-level access or higher to access an authorization token, which can be used to view form submissions from any form. These submissions may contain sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information contained in form submissions, potentially including personal data or other confidential details.

Remediation

Users are advised to update the Ninja Forms WordPress plugin to version 3.14.2 or a newer patched version.

Added: Mar 28, 2026, 7:17 AM

Updated: Mar 28, 2026, 7:17 AM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

6.1

remediation

7.7

relevance

4.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

6.1

remediation

7.7

relevance

4.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ninja Forms WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ninja Forms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating