cleantalk
Vulnerabilities and Security Researches

Easy Form Builder, CVE-2025-14067

CVE, Research URL

CVE-2025-14067

Home page URL

Security reports for Easy Form Builder

Application

Easy Form Builder

Published on
Feb 14, 2026
Research Description
The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive form response data, including messages, admin replies, and user information due to a logic error in the authorization check that uses AND (&&) instead of OR (||).
Affected versions
max 3.9.4.
Status
vulnerable
Previous vulnerability researches
Form Builder CP (CVE-2022-2567) , Jun 07, 2024
Form Builder CP (CVE-2024-13680) , Jan 26, 2025
Form Builder CP (CVE-2025-24672) , Jan 26, 2025
Easy Form Builder (CVE-2024-30535) , Jun 07, 2024
Easy Form Builder (CVE-2022-3906) , Jun 07, 2024
New vulnerability
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2025-69001) , Feb 27, 2026
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2026-25313) , Feb 27, 2026
Advanced Custom Fields: Font Awesome Field (CVE-2025-14983) , Feb 27, 2026
Shield Security – Smart Bot Blocking & Intrusion Prevention Security (CVE-2025-14427) , Feb 27, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2025-15520) , Feb 27, 2026