CVE-2025-14072

Summary

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

Affected Software

VendorProductVersion RangeStatus
UnknownNinja Forms0 < 3.13.3affected

Weaknesses

  • CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References