EUVD-2026-29450
GHSA-rvq8-mhp5-38gf
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionNVD
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend: from n/a through <= 3.3.2.
AnalysisAI
Blind SQL injection in Ninja Forms Views plugin (versions ≤3.3.2) allows authenticated attackers with low-level privileges to extract sensitive database information via specially crafted queries. The vulnerability carries an 8.5 CVSS score with scope change, enabling attackers to access data beyond the plugin's normal authorization boundaries. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all WordPress installations running Ninja Forms Views and document current plugin version via admin dashboard. Within 7 days: Disable or deactivate Ninja Forms Views plugin on all affected installations as interim mitigation, or restrict user role assignments to prevent low-privilege user access to the plugin's functionality. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today