EUVD-2025-198533

🗓️ 22 Nov 2025 09:31:03Reported by EUVDType

GSheetConnector for Ninja Forms has unauthorized data access due to missing capability check.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-13136	22 Nov 202509:19	–	circl
CNNVD	WordPress plugin GSheetConnector For Ninja Forms 安全漏洞	22 Nov 202500:00	–	cnnvd
CVE	CVE-2025-13136	22 Nov 202508:30	–	cve
Cvelist	CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure	22 Nov 202508:30	–	cvelist
NVD	CVE-2025-13136	22 Nov 202509:15	–	nvd
Patchstack	WordPress GSheetConnector For Ninja Forms plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability	22 Nov 202500:03	–	patchstack
Positive Technologies	PT-2025-47833	22 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-13136	23 Nov 202509:40	–	redhatcve
Vulnrichment	CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure	22 Nov 202508:30	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)	26 Nov 202515:02	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "bc9c57f2-3148-3e93-a266-571e3c52980f",
        "vendor": {
          "name": "westerndeal"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "29b2d66a-7ccf-33ca-8176-8887856b5592",
        "product": {
          "name": "GSheetConnector For Ninja Forms"
        },
        "product_version": "* ≤2.0.1"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/5770cb94-8603-44d9-8cda-925175851b51
plugins	www.plugins.trac.wordpress.org/changeset
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-13136

22 Nov 2025 09:31Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.0004