Cross-Site Request Forgery in Ninja Forms Plugin for WordPress

Posted: Sat Sep 27, 2025 7:26 am
by Shane1145
What is CVE-2025-10499?
The Ninja Forms plugin for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation in the maybe_opt_in() function. This flaw enables attackers to potentially opt the site in for tracking or data collection by executing unauthorized requests. Successful exploitation requires the attacker to deceive a site administrator into interacting with a malicious link.

https://securityvulnerability.io/vulner ... 2025-10499
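
For readers patching or auditing similar handlers, here is an added example (not part of the original post and not Ninja Forms code) of a WordPress admin opt-in handler without and with nonce validation. Every `example_` name, the option key and the query parameter are hypothetical; the WordPress functions called are core APIs.

```php
<?php
/**
 * Plugin Name: Example Opt-In Handler (constructed example)
 * All example_* names are hypothetical; this is not the Ninja Forms source.
 */

const EXAMPLE_OPTIN_ACTION = 'example_optin_toggle';

// Weak pattern, intentionally NOT hooked: the setting changes on any GET request
// that reaches wp-admin in an administrator's session, whoever built the link.
function example_maybe_opt_in_weak() {
    if ( isset( $_GET['example_opt_in'] ) ) {
        update_option( 'example_allow_tracking', '1' === $_GET['example_opt_in'] ? 1 : 0 );
    }
}

// Hardened pattern: capability check plus a nonce tied to the user, session and action.
function example_maybe_opt_in() {
    if ( ! isset( $_GET['example_opt_in'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request unless _wpnonce is present and valid for this action.
    check_admin_referer( EXAMPLE_OPTIN_ACTION );

    $value = sanitize_key( wp_unslash( $_GET['example_opt_in'] ) );
    update_option( 'example_allow_tracking', '1' === $value ? 1 : 0 );

    // Drop the parameters so a reload does not replay the action.
    wp_safe_redirect( remove_query_arg( array( 'example_opt_in', '_wpnonce' ) ) );
    exit;
}
add_action( 'admin_init', 'example_maybe_opt_in' );

// Links rendered in the admin UI carry the nonce; a link built elsewhere cannot.
function example_opt_in_url( $opt_in ) {
    $url = add_query_arg( 'example_opt_in', $opt_in ? '1' : '0', admin_url( 'index.php' ) );
    return wp_nonce_url( $url, EXAMPLE_OPTIN_ACTION );
}
```

When reviewing a plugin, the check to look for is that every state-changing branch sits behind both the capability test and the nonce verification, with no early path that updates an option first.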