Authorization Bypass in Ninja Forms - File Uploads Plugin for WordPress
CVE-2026-12557
5.3MEDIUM
What is CVE-2026-12557?
The Ninja Forms - File Uploads plugin for WordPress is susceptible to an authorization bypass issue present in all versions up to and including 3.3.29. This vulnerability arises from the plugin's failure to adequately ensure that users are authorized for specific actions, which empowers unauthenticated attackers to access sensitive information from plugin debug logs and potentially delete those entries from the database.
Affected Version(s)
Ninja Forms - File Uploads 0 <= 3.3.29