SQL Injection Vulnerability in Ninja Forms Views by WordPress
CVE-2026-42741

8.5HIGH

Key Information:

Vendor: WordPress
Status: Ninja Forms Views – Display & Edit Ninja Forms Submissions On Your Site Frontend
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-42741?

An SQL Injection vulnerability has been identified in the Ninja Forms Views plugin, which can allow attackers to execute unauthorized SQL commands on your WordPress site. This issue impacts versions of the plugin up to 3.3.2, enabling blind SQL injection attacks that could compromise sensitive data and lead to further security risks. It is crucial for website administrators using this plugin to apply any available updates and adopt security measures to mitigate potential threats.

Affected Version(s)

Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend 0 <= 3.3.2

References

https://patchstack.com/database/Wordpress/Plugin/views-fo...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

dodoh4t | Patchstack Bug Bounty Program

CVE-2026-42741 Data

JSON