Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

Basic Information

ID CVE-2025-14072

Source WPScan

Published Jan 2, 2026 at 06:00

Modified Jan 2, 2026 at 21:12

Affected Product

Vendor Unknown

Product Ninja Forms

Affected Versions Unknown Ninja Forms 0

CWE Classification

References

wpscan.com /vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/

{
    "lastseen": "",
    "description": "The Ninja Forms  WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.",
    "published": "2026-01-02T06:00:12.069Z",
    "modified": "2026-01-02T21:12:38.430Z",
    "type": "cve",
    "title": "Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/",
    "id": "CVE-2025-14072",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Ninja Forms 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ninja Forms",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure_CVE-2025-14072