CVE-2025-10498
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-27

Last updated on: 2025-12-23

Assigner: Wordfence

Description
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-27
Last Modified
2025-12-23
Generated
2026-05-07
AI Q&A
2025-09-27
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10498
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ninjaforms ninja_forms to 3.12.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Ninja Forms WordPress plugin (up to version 3.12.0). It occurs because the plugin does not properly validate nonces when exporting CSV files. As a result, an attacker can trick an administrator into performing actions like deleting CSV files by making them click on a malicious link, even though the attacker is not authenticated.


How can this vulnerability impact me? :

An attacker can cause an administrator to unintentionally delete CSV files by exploiting this vulnerability. This could lead to loss of important data stored in those files, potentially disrupting operations or causing inconvenience.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart