Authorization Bypass Vulnerability in Forminator Forms Plugin for WordPress
CVE-2025-14782
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 January 2026
What is CVE-2025-14782?
The Forminator Forms plugin for WordPress is susceptible to an authorization bypass vulnerability due to inadequate checks in the 'listen_for_csv_export' function. As a result, authenticated users with access to the Forminator dashboard can exploit this weakness to export sensitive form submission data, including personally identifiable information. This vulnerability poses a significant risk as it allows unauthorized access to confidential data without proper verification of user permissions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Forminator Forms β Contact Form, Payment Form & Custom Form Builder * <= 1.49.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved