CVE-2025-10498 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including…
Medium CVSS: 4.3

CVE-2025-10498

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link.
Vendor
Ninjaforms
Product
Ninja Forms
CWE
CWE-352
Yayın Tarihi
2025-09-27 03:15:31
Güncelleme
2025-12-23 18:58:20
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-352 Ninja Forms MEDIUM Ninjaforms 2025

Referanslar

https://plugins.trac.wordpress.org/browser/ninja-forms/trunk/includes/Admin/Menus/Submissions.php#L464 https://plugins.trac.wordpress.org/changeset/3365881/ninja-forms/trunk?contextall=1&old=3362375&old_path=%2Fninja-forms%2Ftrunk#file6 https://www.wordfence.com/threat-intel/vulnerabilities/id/b082176c-9486-416c-8215-cdba4d6e5260?source=cve