CVE-2025-14072

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

Vulnerability Details

Published Date

January 02, 2026

Last Modified

January 09, 2026

CWE ID

NVD-CWE-Other

Source

NVD

Vendor

ninjaforms

Product

ninja_forms

External References

https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment