Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
C:L added for debug log read exposure; A:L added for permanent deletion of all log table rows; PR:N confirmed by unauthenticated nature of bypass.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all plugin debug log entries stored in the wp_nf3_log table or permanently delete all rows from that table.
AnalysisAI
Authorization bypass in the Ninja Forms - File Uploads WordPress plugin (all versions through 3.3.29) allows unauthenticated remote attackers to read all plugin debug log entries stored in the wp_nf3_log database table or permanently delete every row from that table. The flaw originates from the plugin's failure to verify whether a requesting user holds any authorization before processing debug log actions, as confirmed by Wordfence with a direct reference to the vulnerable DebugLog.php route. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The Ninja Forms - File Uploads plugin must be installed and active on the WordPress site running version 3.3.29 or earlier. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The official CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) reflects low complexity, no authentication, and no user interaction - meaning exploitation is trivially automatable at scale. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker identifies a WordPress site running Ninja Forms - File Uploads 3.3.29 or earlier, then sends a crafted HTTP request directly to the plugin's debug log endpoint (DebugLog.php) without any session cookie or credential. Because no authorization check is performed, the attacker receives all debug log entries from wp_nf3_log - potentially revealing file paths, form activity metadata, or internal error traces - or issues a delete request to permanently wipe the entire log table, erasing evidence of prior activity. |
| Remediation | Site operators should update the Ninja Forms - File Uploads plugin to a version beyond 3.3.29 as soon as one is available from the WordPress plugin repository; a specific patched release version was not independently confirmed in the available data, so administrators should check the plugin's changelog at https://wordpress.org/plugins/ninja-forms-uploads/#developers for a released fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Ninja Forms File Uploads
View allThe Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient in
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploa
Arbitrary file read in the Ninja Forms - File Uploads WordPress add-on (versions ≤ 3.3.29) lets unauthenticated remote a
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41484
GHSA-p624-2chq-cjc7