CVE-2025-14072

Medium CVSS: 5.3

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

Vendor

Ninjaforms

Product

Ninja Forms

CWE

NVD-CWE-Other

Yayın Tarihi

2026-01-02 06:15:53

Güncelleme

2026-01-09 13:58:47

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

NVD-CWE-Other Ninja Forms MEDIUM Ninjaforms 2026

Referanslar

https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/

Benzer Kayıtlar

High

CVE-2025-11924

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Obj…

Medium

CVE-2025-10499

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request…

Medium

CVE-2025-10498

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request…

Critical

CVE-2025-9083

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticate…

Medium

CVE-2025-5398

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site S…

Medium

CVE-2025-2524

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow hig…