Skip to main content

Ninja Forms File Uploads CVE-2026-12557

| EUVDEUVD-2026-41484 MEDIUM
Missing Authorization (CWE-862)
2026-07-03 Wordfence GHSA-p624-2chq-cjc7
5.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
7.3 HIGH

C:L added for debug log read exposure; A:L added for permanent deletion of all log table rows; PR:N confirmed by unauthenticated nature of bypass.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 03, 2026 - 05:46 vuln.today
CVE Published
Jul 03, 2026 - 04:30 cve.org
MEDIUM 5.3

DescriptionCVE.org

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all plugin debug log entries stored in the wp_nf3_log table or permanently delete all rows from that table.

AnalysisAI

Authorization bypass in the Ninja Forms - File Uploads WordPress plugin (all versions through 3.3.29) allows unauthenticated remote attackers to read all plugin debug log entries stored in the wp_nf3_log database table or permanently delete every row from that table. The flaw originates from the plugin's failure to verify whether a requesting user holds any authorization before processing debug log actions, as confirmed by Wordfence with a direct reference to the vulnerable DebugLog.php route. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send unauthenticated HTTP request to DebugLog.php route
Exploit
Plugin skips authorization verification
Execution
Access granted to debug log endpoint
Impact
Read all wp_nf3_log entries or delete entire table

Vulnerability AssessmentAI

Exploitation The Ninja Forms - File Uploads plugin must be installed and active on the WordPress site running version 3.3.29 or earlier. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) reflects low complexity, no authentication, and no user interaction - meaning exploitation is trivially automatable at scale. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker identifies a WordPress site running Ninja Forms - File Uploads 3.3.29 or earlier, then sends a crafted HTTP request directly to the plugin's debug log endpoint (DebugLog.php) without any session cookie or credential. Because no authorization check is performed, the attacker receives all debug log entries from wp_nf3_log - potentially revealing file paths, form activity metadata, or internal error traces - or issues a delete request to permanently wipe the entire log table, erasing evidence of prior activity.
Remediation Site operators should update the Ninja Forms - File Uploads plugin to a version beyond 3.3.29 as soon as one is available from the WordPress plugin repository; a specific patched release version was not independently confirmed in the available data, so administrators should check the plugin's changelog at https://wordpress.org/plugins/ninja-forms-uploads/#developers for a released fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12557 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy