CVE-2026-22472
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.
AnalysisAI
Missing authorization controls in Easy Form Builder versions 3.9.6 and earlier enable authenticated attackers to exploit improperly configured access restrictions and gain unauthorized capabilities. An attacker with valid credentials can bypass intended security boundaries to read, modify, or delete form data and configurations they should not have access to. No patch is currently available for this vulnerability affecting the Easy Form Builder plugin.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects hassantafreshi Easy Form Builder easy-form-builder. Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.
Affected ProductsAI
Product: hassantafreshi Easy Form Builder easy-form-builder.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today