CVE-2025-9083

CVE-2025-9083: Ninja-forms < 3.11.1 - Unauthenticated PHP Objection

Vendor Unknown
Product Ninja Forms
Published September 18, 2025
Last update September 22, 2025

CVSS base score

What the vulnerability does

01Description

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

Key dates

02Disclosure timeline

September 18, 2025 CVE published
September 22, 2025 Record updated