{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10499", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-15T20:58:58.782Z", "datePublished": "2025-09-27T02:25:13.451Z", "dateUpdated": "2026-04-08T17:12:46.315Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:46.315Z"}, "affected": [{"vendor": "kstover", "product": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.12.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated attackers to opt an affected site into usage statistics collection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Ninja Forms \u2013 The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f118fc-d99a-4713-865e-2da7a9e20db5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/lib/NF_Tracking.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3365881/ninja-forms/trunk?contextall=1&old=3362375&old_path=%2Fninja-forms%2Ftrunk#file6"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ngoc Quang Bach"}], "timeline": [{"time": "2025-09-26T14:16:01.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-29T13:55:08.593091Z", "id": "CVE-2025-10499", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T13:55:21.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-29T13:55:08.593091Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T13:55:14.483Z"}}], "cna": {"title": "Ninja Forms \u2013 The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ngoc Quang Bach"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "kstover", "product": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.12.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-26T14:16:01.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f118fc-d99a-4713-865e-2da7a9e20db5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/lib/NF_Tracking.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3365881/ninja-forms/trunk?contextall=1&old=3362375&old_path=%2Fninja-forms%2Ftrunk#file6"}], "descriptions": [{"lang": "en", "value": "The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated attackers to opt an affected site into usage statistics collection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:46.315Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10499", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:12:46.315Z", "dateReserved": "2025-09-15T20:58:58.782Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-27T02:25:13.451Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9182CBC2-A77D-468A-B3DA-B25F9EC83AA1", "versionEndExcluding": "3.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated attackers to opt an affected site into usage statistics collection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-10499", "lastModified": "2025-12-23T18:57:13.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-27T03:15:32.940", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/lib/NF_Tracking.php"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3365881/ninja-forms/trunk?contextall=1&old=3362375&old_path=%2Fninja-forms%2Ftrunk#file6"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f118fc-d99a-4713-865e-2da7a9e20db5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:46:12.020342+00:00", "value": {"mitigation_remediation": ["Upgrade Ninja Forms to version 3.12.1 or later, which removes the nonce validation flaw.", "If already using a fixed version, disable the usage\u2011statistics option through the plugin\u2019s settings panel.", "If an upgrade is not immediately possible, deactivate the Ninja Forms plugin to prevent further risk until the patch is applied."], "summary": {"action": "Update Plugin", "impact": "Unintended Settings Modification via Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "All installations of Ninja Forms plugin versions 3.12.0 or older for WordPress are affected. The vulnerability applies to any site running the plugin prior to the release that addressed the issue in a later version.", "description_and_impact": "Ninja Forms, a WordPress form builder plugin, contains a Cross\u2011Site Request Forgery vulnerability (CWE\u2011352) that allows unauthenticated attackers to change the plugin\u2019s settings. By exploiting the missing or incorrect nonce validation on the maybe_opt_in() function, a malicious actor can trick a site administrator into submitting a forged request, thereby enabling the site to opt in to usage\u2011statistics collection. This change does not grant direct access to website data, but it creates a potential channel for third\u2011party tracking and may expose sensitive operational information about the site to the plugin maintainers.", "risk_and_exploitability": "The CVSS score of 4.3 reflects a moderate severity, and the EPSS score of less than 1% suggests the vulnerability is currently unlikely to be widely exploited. The flaw is not listed in CISA\u2019s KEV catalog. In practice, an attacker would need to deceive an administrator into clicking a crafted link or submitting a forged request; no remote code execution or credential compromise is required. Consequently, the risk is largely limited to inadvertent data collection unless combined with additional social engineering."}}}}, "created": "2025-09-29T09:29:55.953079+00:00", "updated": "2026-04-21T03:00:06.370565+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}