CVE-2026-1307

Name of the Vulnerable Software and Affected Versions Ninja Forms - The Contact Form Builder That Grows With You versions prior to 3.14.2

Description The Ninja Forms plugin for WordPress is susceptible to sensitive information disclosure. Authenticated attackers with Contributor-level access or higher can potentially access an authorization token. This token allows viewing form submissions for any form, which may include sensitive data. The issue stems from a callback function within the blocks/bootstrap.php file, specifically related to the admin enqueue scripts action handler.

Recommendations Update Ninja Forms to version 3.14.2 or later.