{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1307", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-21T19:28:24.128Z", "datePublished": "2026-03-28T06:46:08.915Z", "dateUpdated": "2026-04-08T17:28:30.418Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:30.418Z"}, "affected": [{"vendor": "kstover", "product": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.14.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information."}], "title": "Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df4f4358-af6a-4a1a-bb83-afe31b3cdb9f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3489168/ninja-forms"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucas Montes"}], "timeline": [{"time": "2026-01-21T19:44:33.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-27T18:10:41.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T18:04:47.753704Z", "id": "CVE-2026-1307", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:04:59.223Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1307", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T18:04:47.753704Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:04:52.057Z"}}], "cna": {"title": "Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token", "credits": [{"lang": "en", "type": "finder", "value": "Lucas Montes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "kstover", "product": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.14.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-21T19:44:33.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-27T18:10:41.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df4f4358-af6a-4a1a-bb83-afe31b3cdb9f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3489168/ninja-forms"}], "descriptions": [{"lang": "en", "value": "The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-28T06:46:08.915Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1307", "state": "PUBLISHED", "dateUpdated": "2026-03-30T18:04:59.223Z", "dateReserved": "2026-01-21T19:28:24.128Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-28T06:46:08.915Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information."}, {"lang": "es", "value": "El plugin Ninja Forms - The Contact Form Builder That Grows With You para WordPress es vulnerable a la Exposici\u00f3n de Informaci\u00f3n Sensible en todas las versiones hasta la 3.14.1, inclusive, a trav\u00e9s de una funci\u00f3n de callback para el gestor de acci\u00f3n admin_enqueue_scripts en blocks/bootstrap.php. Esto permite a atacantes autenticados, con acceso de nivel Colaborador o superior, obtener acceso a un token de autorizaci\u00f3n para ver env\u00edos de formularios arbitrarios, lo que podr\u00eda contener informaci\u00f3n sensible."}], "id": "CVE-2026-1307", "lastModified": "2026-04-24T16:36:24.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-28T07:15:55.950", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3489168/ninja-forms"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df4f4358-af6a-4a1a-bb83-afe31b3cdb9f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Ninja Forms \u2013 The Contact Form Builder That Grows With You", "source": "cna", "vendor": "kstover"}, "product": "ninja_forms_\u2013_the_contact_form_builder_that_grows_with_you", "vendor": "kstover"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-28T08:20:35.798555+00:00", "value": {"mitigation_remediation": ["Apply the latest Ninja Forms update (version 3.14.2 or later) as soon as possible.", "If upgrading is not immediately possible, restrict Contributor-level permissions to prevent unauthorized access to the block editor token.", "Review and audit form submission access settings to ensure only authorized roles can view submission data."], "summary": {"action": "Patch Immediately", "impact": "Sensitive Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress plugin Ninja Forms \u2013 The Contact Form Builder That Grows With You, specifically all releases through and including version 3.14.1. No other vendors or products are listed as affected.", "description_and_impact": "The vulnerability in Ninja Forms up to version 3.14.1 allows authenticated users with Contributor-level access or higher to obtain an authorization token that grants visibility into form submissions. This token can be used to view any form submission data, potentially exposing personally identifiable information, credentials, or other sensitive content that should remain confidential.", "risk_and_exploitability": "The CVSS score is 6.5, indicating moderate severity, and the vulnerability is not listed in the CISA KEV catalog. While no EPSS score is provided, the attack requires a valid Contributor or higher role, a common privilege level in many installations. An attacker could exploit the exposed token to download or view all form submissions, leading to confidentiality compromise. The limited need for elevated privileges reduces the barrier to exploitation but still poses a meaningful risk to sites handling sensitive data."}}}}, "created": "2026-03-29T20:32:41.363313+00:00", "updated": "2026-03-30T06:59:50.796470+00:00", "vendors": ["kstover", "kstover$PRODUCT$ninja_forms_\u2013_the_contact_form_builder_that_grows_with_you", "wordpress", "wordpress$PRODUCT$wordpress"]}