CVE-2025-14072

Name of the Vulnerable Software and Affected Versions Ninja Forms WordPress plugin versions prior to 3.13.3

Description An unauthenticated attacker can generate valid access tokens through the REST API. These tokens can then be used to read form submissions. The affected API endpoint allows access token generation without authentication. The vulnerable parameter is not specified.

Recommendations Update to version 3.13.3 or later.