CVE-2025-14072

medium

Description

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

References

https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/

Details

Source: Mitre, NVD

Published: 2026-01-02

Updated: 2026-01-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N