Authorization Bypass in Ninja Forms - File Uploads Plugin for WordPress
CVE-2026-12557

5.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
3 July 2026

What is CVE-2026-12557?

The Ninja Forms - File Uploads plugin for WordPress is susceptible to an authorization bypass issue present in all versions up to and including 3.3.29. This vulnerability arises from the plugin's failure to adequately ensure that users are authorized for specific actions, which empowers unauthenticated attackers to access sensitive information from plugin debug logs and potentially delete those entries from the database.

Affected Version(s)

Ninja Forms - File Uploads 0 <= 3.3.29

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ad4m5
.