PT-2026-54501 · Kstover · Ninja Forms – The Contact Form Builder That Grows With You

Suyoung Kim

·

Publicado

2026-07-01

·

Atualizado

2026-07-01

·

CVE-2026-1239

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for unauthenticated attackers to view form submissions, which could potentially contain sensitive information.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-1239

Produtos afetados

Ninja Forms – The Contact Form Builder That Grows With You