Login Sign Up

CVE-2025-14067

5.3 MEDIUM
Authentication Bypass

📋 TL;DR

The Easy Form Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher to access sensitive form response data. This includes messages, admin replies, and user information due to a logic error in authorization checks. All WordPress sites using this plugin up to version 3.9.3 are affected.

💻 Affected Systems

Products:
  • WordPress Easy Form Builder plugin
Versions: All versions up to and including 3.9.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Easy Form Builder plugin enabled. Any authenticated user (Subscriber role or higher) can exploit this vulnerability.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could exfiltrate all form submission data containing sensitive personal information, messages, and admin responses, potentially leading to data breaches and privacy violations.

🟠

Likely Case

Low-privilege authenticated users accessing form data they shouldn't have permission to view, compromising user privacy and potentially exposing sensitive communications.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized data viewing without modification or deletion capabilities.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward due to the simple logic error. The vulnerability is publicly documented with code references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.9.4 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3422020

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Easy Form Builder and click 'Update Now'. 4. Verify plugin version is 3.9.4 or higher.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoints

all

Temporarily block access to vulnerable AJAX actions via .htaccess or web server configuration

# Add to .htaccess for Apache:
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
# For Nginx:
location ~* /wp-admin/admin-ajax.php {
    deny all;
}

Remove Subscriber role access

linux

Temporarily restrict Subscriber role users from accessing the site

# WordPress CLI command to remove all Subscriber users:
wp user list --role=subscriber --field=ID | xargs wp user delete --yes

🧯 If You Can't Patch

  • Disable the Easy Form Builder plugin completely until patched
  • Implement strict network segmentation to limit access to WordPress admin areas

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Easy Form Builder → Version. If version is 3.9.3 or lower, you are vulnerable.

Check Version:

wp plugin get easy-form-builder --field=version

Verify Fix Applied:

After updating, verify plugin version shows 3.9.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AJAX requests to admin-ajax.php from Subscriber-level users
  • Multiple requests to form data endpoints from non-admin users
  • Access patterns showing users viewing forms they shouldn't have access to

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with action parameters related to form data retrieval
  • Unusual data export patterns from form endpoints

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php") AND (user_role="subscriber" OR user_role="contributor") AND (http_method="POST") AND (form_data_action="*form*" OR form_data_action="*response*")

📊 Metadata

CVE ID: CVE-2025-14067
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-862
EPSS Score: 0.03% exploit probability (8.1th percentile)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14067, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)