CVE-2025-14067
Status: Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-14

Last updated on: 2026-02-18

Assigner: Wordfence

Description
The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive form response data, including messages, admin replies, and user information due to a logic error in the authorization check that uses AND (&&) instead of OR (||).
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-14
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

The Easy Form Builder plugin for WordPress, in all versions up to and including 3.9.3, fails to perform a proper capability check on several AJAX actions. The authorization condition combines its checks with AND (&&) where OR (||) was needed, so the handler rejects a request only when every check fails rather than when any one of them fails. An authenticated attacker with Subscriber-level access or higher can therefore call these actions and read data that should be reserved for privileged users.

  • Attackers can access sensitive form response data, including submitted messages, admin replies, and user information, without proper authorization.
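The following is an added illustration of the bug class described above, written for this page; it is not code from the Easy Form Builder plugin. The handler names, the nonce action `demo_get_responses` and the capability `manage_options` are assumptions, and the two stub functions stand in for WordPress so that the file runs on its own with `php demo_auth_check.php`. It shows why a rejection condition joined with `&&` lets a Subscriber through while the same condition joined with `||` does not.

```php
<?php
/**
 * Added illustration of an authorization check written with && where || was needed (CWE-862).
 * NOT code from the Easy Form Builder plugin: handler names, the nonce action
 * 'demo_get_responses' and the capability 'manage_options' are assumptions.
 * The stubs below stand in for WordPress so the file runs stand-alone.
 */

$demo_caps = array(); // capabilities of the simulated current user (stub state)

if ( ! function_exists( 'current_user_can' ) ) {
	function current_user_can( $cap ) {
		return in_array( $cap, $GLOBALS['demo_caps'], true );
	}
}
if ( ! function_exists( 'wp_verify_nonce' ) ) {
	// A nonce is tied to the logged-in user, not to a privilege level: any user who can load
	// the page that prints it can present a valid one.
	function wp_verify_nonce( $nonce, $action ) {
		return $nonce === 'valid-' . $action;
	}
}

// Vulnerable shape: the request is refused only when BOTH the capability check AND the nonce
// check fail. A Subscriber holding a valid nonce passes, and so does an administrator-level
// request with no nonce at all (the CSRF protection is lost as well).
function demo_get_responses_vulnerable( $nonce ) {
	if ( ! current_user_can( 'manage_options' ) && ! wp_verify_nonce( $nonce, 'demo_get_responses' ) ) {
		return 'forbidden';
	}
	return 'form responses disclosed';
}

// Fixed shape: the request is refused when EITHER check fails. The nonce proves the request
// came from the site's own page; the capability proves the caller may read the data.
function demo_get_responses_fixed( $nonce ) {
	if ( ! current_user_can( 'manage_options' ) || ! wp_verify_nonce( $nonce, 'demo_get_responses' ) ) {
		return 'forbidden';
	}
	return 'form responses disclosed';
}

// Exercise both handlers as a Subscriber (capability 'read' only) and as an Administrator,
// each with and without a valid nonce.
$cases = array(
	'subscriber, valid nonce' => array( array( 'read' ), 'valid-demo_get_responses' ),
	'subscriber, no nonce'    => array( array( 'read' ), '' ),
	'admin, valid nonce'      => array( array( 'read', 'manage_options' ), 'valid-demo_get_responses' ),
	'admin, no nonce'         => array( array( 'read', 'manage_options' ), '' ),
);
foreach ( $cases as $label => $case ) {
	list( $demo_caps, $nonce ) = $case;
	printf( "%-24s  vulnerable: %-26s fixed: %s\n", $label,
		demo_get_responses_vulnerable( $nonce ), demo_get_responses_fixed( $nonce ) );
}
```

Two of the four rows differ between the handlers: the Subscriber with a valid nonce, which is the case this CVE describes, and the administrator without a nonce, which shows that the same `&&` also disables the CSRF check. The general rule is that a nonce and a capability test guard different things and a request must satisfy both.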

How can this vulnerability impact me?

This vulnerability allows attackers with low-level authenticated access (Subscriber-level and above) to bypass the intended permission checks and read sensitive form data.

  • Exposure of form response data, including user messages and admin replies.
  • Leakage of personal information that visitors submitted through forms.
  • The reported flaw affects confidentiality only; it does not change or delete data and does not impact availability.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves unauthorized access to sensitive form response data via AJAX actions in the Easy Form Builder WordPress plugin, versions up to and including 3.9.3. Detection can focus on the plugin's requests to `wp-admin/admin-ajax.php`, correlated with the WordPress user who made them, since the distinguishing sign of exploitation is a low-privileged account (Subscriber-level or higher, but not an administrator) reaching an action that returns form data.

Suggested ways to detect suspicious activity:

  • Search web server logs (Apache or Nginx) for requests to `wp-admin/admin-ajax.php` whose action parameter belongs to Easy Form Builder, for example `action=update_form_Emsfb` or `action=remove_id_Emsfb`. Example for Apache: `grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'action=update_form_Emsfb'`. Caveat: admin-ajax.php accepts the action in the POST body as well as in the query string, and access logs record only the query string, so an action sent in a POST body will not appear in this grep; a WAF log or application-level logging is needed for those.
  • Use WordPress debugging or logging plugins to record AJAX requests together with the caller's user login and capabilities, so that a non-administrator reaching a privileged action stands out.
  • Monitor database queries against the plugin's tables (prefixed `emsfb_`) for reads or changes that do not correspond to administrator activity.
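As an added example of the application-level logging suggested above (not part of the plugin and not from this page's original text), the must-use plugin below records every admin-ajax.php call to an Easy Form Builder action with the calling user's login, roles and whether they hold `manage_options`. It assumes the plugin's AJAX action names end in `_Emsfb`, as the two action names quoted on this page do; the file name `emsfb-ajax-audit.php` and the log prefix `emsfb-audit` are my choices. It runs inside WordPress only.

```php
<?php
/**
 * Plugin Name: Easy Form Builder AJAX audit log (added example)
 * Description: Records every admin-ajax.php call to an Easy Form Builder action together with
 *              the calling user's login, roles and whether they hold manage_options.
 *
 * Added example, not part of the plugin and not from this page's original text.
 * Save as wp-content/mu-plugins/emsfb-ajax-audit.php. Assumes the plugin's AJAX action
 * names end in "_Emsfb"; adjust the pattern if yours differ. Lines go to PHP's error log
 * (wp-content/debug.log when WP_DEBUG_LOG is enabled).
 */

if ( ! function_exists( 'add_action' ) ) {
	return; // not running inside WordPress
}

add_action( 'admin_init', function () {
	// admin_init fires on admin-ajax.php before the wp_ajax_* handler is dispatched.
	if ( ! wp_doing_ajax() ) {
		return;
	}
	// admin-ajax.php takes the action from GET or POST. Web server access logs only record
	// the query string, which is why a POSTed action never shows up in a grep of access.log.
	$action = isset( $_REQUEST['action'] ) ? (string) wp_unslash( $_REQUEST['action'] ) : '';
	if ( ! preg_match( '/_emsfb$/i', $action ) ) {
		return;
	}
	$user  = wp_get_current_user();
	$login = $user->exists() ? $user->user_login : '-';
	$roles = $user->exists() ? implode( ',', $user->roles ) : 'anonymous';
	$ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';

	error_log( sprintf(
		'emsfb-audit action=%s method=%s user=%s roles=%s manage_options=%s ip=%s',
		preg_replace( '/[^A-Za-z0-9_-]/', '?', $action ), // keep the log field a single safe token
		isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : '-',
		$login,
		$roles,
		current_user_can( 'manage_options' ) ? 'yes' : 'NO',
		$ip
	) );
}, 0 );
```

With the file in place, `grep 'emsfb-audit' wp-content/debug.log | grep 'manage_options=NO'` lists every call to a plugin action by a user without administrative rights. On a patched site those calls should all be rejected by the plugin; on an unpatched site they are the exploitation attempts to investigate, and the `user=` field tells you which account to look at.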


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update the Easy Form Builder plugin to version 3.9.4 or later, where the vulnerability has been fixed by enforcing strict nonce and user permission checks on all AJAX actions.

If immediate updating is not possible, consider the following temporary measures:

  • Limit who holds low-privilege accounts, since an authenticated account is the prerequisite for the attack: disable open registration if it is not needed and remove stale Subscriber-level accounts. Blocking `wp-admin/admin-ajax.php` outright for low-privileged users is rarely practical, because other plugins and themes use it for logged-in users.
  • Add web application firewall (WAF) rules that block requests to admin-ajax.php carrying Easy Form Builder actions from non-administrative sessions. The rule must inspect the POST body as well as the query string, because the action parameter is usually sent in the body.
  • Deactivate the Easy Form Builder plugin until the fixed version can be installed.
  • Monitor logs for suspicious activity and unauthorized access attempts as a detection and response measure.
