← Volver a CVEs
CVE-2025-14072
MEDIUM5.3
Descripcion
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/2/2026
Ultima modificacion1/9/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
ninjaforms:ninja_forms
Referencias
https://wpscan.com/vulnerability/4b19a333-eb19-4903-aa96-1fe871dd0f9f/(contact@wpscan.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.