{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14067", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T21:05:58.622Z", "datePublished": "2026-02-14T03:25:27.883Z", "dateUpdated": "2026-04-08T17:06:39.245Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:39.245Z"}, "affected": [{"vendor": "hassantafreshi", "product": "Easy Form Builder by WhiteStudio \u2014 Drag & Drop Form Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive form response data, including messages, admin replies, and user information due to a logic error in the authorization check that uses AND (&&) instead of OR (||)."}], "title": "Easy Form Builder <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fe397d3-68de-4358-8490-8fbafa1908ef?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-form-builder/trunk/includes/admin/class-Emsfb-admin.php#L709"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-form-builder/tags/3.9.0/includes/admin/class-Emsfb-admin.php#L709"}, {"url": "https://plugins.trac.wordpress.org/changeset/3422020"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "timeline": [{"time": "2026-02-13T14:26:12.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T15:04:22.125769Z", "id": "CVE-2025-14067", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T15:04:36.362Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14067", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T15:04:22.125769Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T15:04:32.079Z"}}], "cna": {"title": "Easy Form Builder <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "hassantafreshi", "product": "Easy Form Builder by WhiteStudio \u2014 Drag & Drop Form Builder", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.9.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-13T14:26:12.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fe397d3-68de-4358-8490-8fbafa1908ef?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-form-builder/trunk/includes/admin/class-Emsfb-admin.php#L709"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-form-builder/tags/3.9.0/includes/admin/class-Emsfb-admin.php#L709"}, {"url": "https://plugins.trac.wordpress.org/changeset/3422020"}], "descriptions": [{"lang": "en", "value": "The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive form response data, including messages, admin replies, and user information due to a logic error in the authorization check that uses AND (&&) instead of OR (||)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-14T03:25:27.883Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14067", "state": "PUBLISHED", "dateUpdated": "2026-02-17T15:04:36.362Z", "dateReserved": "2025-12-04T21:05:58.622Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-14T03:25:27.883Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive form response data, including messages, admin replies, and user information due to a logic error in the authorization check that uses AND (&&) instead of OR (||)."}, {"lang": "es", "value": "El plugin Easy Form Builder para WordPress es vulnerable a acceso no autorizado de datos debido a una comprobaci\u00f3n de capacidad faltante en m\u00faltiples acciones AJAX en todas las versiones hasta, e incluyendo, la 3.9.3. Esto hace posible para atacantes autenticados, con acceso de nivel de Suscriptor y superior, recuperar datos sensibles de respuesta de formulario, incluyendo mensajes, respuestas de administrador, e informaci\u00f3n de usuario debido a un error de l\u00f3gica en la comprobaci\u00f3n de autorizaci\u00f3n que utiliza AND (&amp;&amp;) en lugar de OR (||)."}], "id": "CVE-2025-14067", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-14T04:15:56.480", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/easy-form-builder/tags/3.9.0/includes/admin/class-Emsfb-admin.php#L709"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/easy-form-builder/trunk/includes/admin/class-Emsfb-admin.php#L709"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3422020"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fe397d3-68de-4358-8490-8fbafa1908ef?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "easy_form_builder_by_whitestudio_\u2014_drag_&_drop_form_builder", "vendor": "hassantafreshi"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T16:01:21.160670+00:00", "value": {"mitigation_remediation": ["Upgrade Easy Form Builder to the latest available release (v3.9.4 or newer) which implements the proper authorization check.", "If an immediate upgrade is not possible, block subscriber\u2011level access to the plugin\u2019s AJAX endpoints by configuring server\u2011side access control rules or a web\u2011application firewall that filters those requests.", "As a last resort, consider disabling or uninstalling the plugin until the patched version can be deployed, particularly on sites where the risk tolerance for data exposure is low."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Disclosure of Sensitive Form Data"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Easy Form Builder plugin by WhiteStudio, version 3.9.3 or earlier, are affected.", "description_and_impact": "The vulnerability arises from a missing capability check on multiple AJAX actions within the Easy Form Builder plugin. A logic error causes the plugin to combine the checks with AND instead of OR, resulting in a bypass of the intended authorization. As a consequence, any authenticated user with a Subscriber role or higher can recover private form response data such as submissions, administrator replies, and user identifiers, which constitutes a confidentiality compromise.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers must first be authenticated with Subscriber-level access or higher and can then issue AJAX calls to retrieve the data. No external network exposure or code execution is required for exploitation."}}}}, "created": "2026-02-16T12:03:21.361639+00:00", "updated": "2026-04-21T16:15:40.491637+00:00", "vendors": ["hassantafreshi", "hassantafreshi$PRODUCT$easy_form_builder_by_whitestudio_\u2014_drag_&_drop_form_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}