| CVE-2026-0740 | Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload | SaturdayDrive | Ninja Forms - File Uploads | Critical | 9.8 | 2026-04-07 04:25:59 | Deep Dive |
| CVE-2026-1307 | Ninja Forms <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.5 | 2026-03-28 06:46:09 | Deep Dive |
| CVE-2026-32527 | WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability | CRM Perks | WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | 中危 | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-25430 | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability | CRM Perks | Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 6.5 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-2568 | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting | crmperks | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | High | 7.2 | 2026-03-03 09:24:12 | Deep Dive |
| CVE-2026-2268 | Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.5 | 2026-02-10 09:26:05 | Deep Dive |
| CVE-2025-14072 | Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure | Unknown | Ninja Forms | 高危 | - | 2026-01-02 06:00:12 | Deep Dive |
| CVE-2025-11924 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token | kstover | Ninja Forms – The Contact Form Builder That Grows With You | High | 7.5 | 2025-12-17 06:42:31 | Deep Dive |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability | CRM Perks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 4.3 | 2025-12-09 14:13:56 | Deep Dive |
| CVE-2025-13136 | GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure | westerndeal | GSheetConnector For Ninja Forms | Medium | 4.3 | 2025-11-22 08:30:29 | Deep Dive |
| CVE-2025-64264 | WordPress Popup addon for Ninja Forms plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability | Aman | Popup addon for Ninja Forms | 中危 | - | 2025-11-13 09:24:29 | Deep Dive |
| CVE-2025-10498 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File Deletion | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:14 | Deep Dive |
| CVE-2025-10499 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 4.3 | 2025-09-27 02:25:13 | Deep Dive |
| CVE-2025-9083 | Ninja-forms < 3.11.1 - Unauthenticated PHP Objection | Unknown | Ninja Forms | - | - | 2025-09-18 06:00:06 | Deep Dive |
| CVE-2025-7697 | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:03 | Deep Dive |
| CVE-2025-7696 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:02 | Deep Dive |
| CVE-2025-53279 | WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability | Aman | Popup addon for Ninja Forms | Medium | 6.5 | 2025-06-27 13:21:20 | Deep Dive |
| CVE-2025-5398 | Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 6.4 | 2025-06-27 09:23:19 | Deep Dive |
| CVE-2025-4659 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure | crmperks | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | Medium | 5.3 | 2025-05-30 05:23:20 | Deep Dive |
| CVE-2025-2561 | Ninja Forms < 3.10.1 - Admin+ Stored XSS | Unknown | Ninja Forms | - | - | 2025-05-19 06:00:06 | Deep Dive |