CVE-2025-9083

Critical CVSS: 9.8

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

Vendor

Ninjaforms

Product

Ninja Forms

CWE

CWE-502

Yayın Tarihi

2025-09-18 06:15:35

Güncelleme

2025-12-23 18:59:02

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-502 Ninja Forms CRITICAL Ninjaforms 2025

Referanslar

https://wpscan.com/vulnerability/60b4d7fc-5d23-4dcf-bd7f-e202cabc2625/ https://wpscan.com/vulnerability/60b4d7fc-5d23-4dcf-bd7f-e202cabc2625/

Benzer Kayıtlar

Medium

CVE-2025-14072

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the…

High

CVE-2025-11924

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Obj…

Medium

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request…

Medium

CVE-2025-10498

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request…

Medium

CVE-2025-5398

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site S…

Medium

CVE-2025-2524

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow hig…