CVE-2025-14072
BaseFortify
Publication date: 2026-01-02
Last updated on: 2026-01-02
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpninjas | ninja_forms | < 3.13.3 (3.13.3 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive form submission data, as attackers can access all submissions for targeted forms without any authentication. This could expose personal, confidential, or sensitive information submitted through Ninja Forms, potentially leading to privacy breaches, data theft, and reputational damage for affected websites. [1]
Can you explain this vulnerability to me?
CVE-2025-14072 is a vulnerability in the Ninja Forms WordPress plugin versions before 3.13.3 that allows unauthenticated attackers to generate valid access tokens via the REST API. Attackers can send a POST request with form IDs to the `/ninja-forms-views/token/refresh` endpoint to obtain tokens that include a public key and expire after 900 seconds. These tokens can then be used in the `X-NinjaFormsViews-Auth` header to access the `/ninja-forms-views/forms/{formID}/submissions` endpoint and retrieve all submissions for the targeted form without authentication. This results in complete disclosure of form submission data and is classified as an authentication bypass vulnerability (CWE-287). [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by attempting to generate a valid access token via the REST API without authentication. Specifically, send a POST request to the endpoint `/ninja-forms-views/token/refresh` with form ID(s) as parameters. For example, using curl: `curl -X POST https://yourwordpresssite.com/wp-json/ninja-forms-views/token/refresh -d 'formID=1'`. If a valid token is returned, the system is vulnerable. Additionally, you can check for unauthorized access attempts to `/ninja-forms-views/forms/{formID}/submissions` endpoints using the `X-NinjaFormsViews-Auth` header with such tokens. [1]
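As an added example (not part of this record, and not code from the Ninja Forms project), the following Python script applies the detection idea above retrospectively to web server access logs instead of probing the site: it flags client IPs that successfully POST to the token refresh route and then read one or more submissions routes, the two-step pattern the record describes. The log lines are constructed sample data, the regular expression assumes the common Apache/nginx "combined" log format, and the `/wp-json/` prefix is taken from the curl command above.

```python
"""Retrospective detection of the CVE-2025-14072 request pattern in access logs.

Added example, not part of the CVE record. Flags clients that mint a token via
the unauthenticated refresh route and then read form submissions.
"""
import re
from collections import defaultdict

# Constructed sample log lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jan/2026:10:00:01 +0000] "POST /wp-json/ninja-forms-views/token/refresh HTTP/1.1" 200 312 "-" "curl/8.4.0"
198.51.100.7 - - [02/Jan/2026:10:00:02 +0000] "GET /wp-json/ninja-forms-views/forms/3/submissions HTTP/1.1" 200 48211 "-" "curl/8.4.0"
198.51.100.7 - - [02/Jan/2026:10:00:03 +0000] "GET /wp-json/ninja-forms-views/forms/4/submissions HTTP/1.1" 200 9120 "-" "curl/8.4.0"
203.0.113.9 - - [02/Jan/2026:10:05:00 +0000] "GET /wp-json/ninja-forms-views/forms/3/submissions HTTP/1.1" 401 120 "-" "Mozilla/5.0"
192.0.2.44 - - [02/Jan/2026:10:06:00 +0000] "GET /contact-us/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Assumed "combined" log layout: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Routes named in the CVE record.
TOKEN_PATH = "/ninja-forms-views/token/refresh"
SUBMISSIONS_RE = re.compile(r"/ninja-forms-views/forms/(?P<form_id>\d+)/submissions")


def parse_line(line):
    """Return (ip, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))


def find_suspicious_clients(log_text):
    """Map each client IP to the form IDs it read after minting a token.

    A client is flagged only when it (1) POSTs to the token refresh route with
    a 2xx response and (2) later reads a submissions route with a 2xx response.
    Order matters: the token request must come first. Failed reads (e.g. 401)
    and clients that never minted a token are ignored.
    """
    minted = set()
    reads = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, path, status = parsed
        if method == "POST" and TOKEN_PATH in path and 200 <= status < 300:
            minted.add(ip)
            continue
        sub = SUBMISSIONS_RE.search(path)
        if sub and ip in minted and 200 <= status < 300:
            reads[ip].add(int(sub.group("form_id")))
    return {ip: sorted(ids) for ip, ids in reads.items()}


if __name__ == "__main__":
    for ip, forms in find_suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: read submissions for forms {forms} after a token refresh")
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents. Behind a reverse proxy or CDN the first field will be the proxy's address, so the client IP must be taken from the forwarded-for field your server logs instead. The plugin's own front end may legitimately exercise these routes, so treat a hit as a lead to correlate with the installed plugin version (vulnerable below 3.13.3) and the volume of submissions returned, not as proof of compromise.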
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Ninja Forms WordPress plugin to version 3.13.3 or later, where this vulnerability is fixed. Until the update can be applied, restrict access to the REST API endpoints `/ninja-forms-views/token/refresh` and `/ninja-forms-views/forms/{formID}/submissions` via firewall rules or other access controls to prevent unauthenticated token generation and data disclosure. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to access and disclose form submission data, which may include personal or sensitive information. This unauthorized data exposure can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal data against unauthorized access and ensuring confidentiality and integrity of such information. [1]