Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable and unauthenticated (AV:N/PR:N), but the required non-default role-to-public-field mapping makes it AC:H; successful admin creation yields total C:H/I:H/A:H.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
The Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user role to a public form field. This requires a specific, non-default multi-Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 configuration.
Articles & Coverage 1
AnalysisAI
Privilege escalation in the Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 allows unauthenticated visitors to provision a full administrator account through a public form. Because the plugin fails to restrict which WordPress role it assigns during user creation, any site that maps the user-role field to a public form input via an active integration exposes site takeover to anonymous submitters. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the site have an ACTIVE Advanced Form Integration integration in which the WordPress user-role field is mapped to a PUBLIC form field - a specific, explicitly non-default configuration called out in the CVE description. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately consistent but point to conditional rather than blanket risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | On a WordPress site running the plugin with an integration that maps the user-role field to a public form input, an anonymous attacker submits the form supplying 'administrator' as the role value. The plugin creates a new administrator account without authentication or approval, granting the attacker full control of the site; a public PoC from WPScan lowers the skill barrier, though the attacker must first identify a site whose integration is mis-configured this way. |
| Remediation | Vendor-released patch: 2.1.1 - update the Advanced Form Integration plugin to version 2.1.1 or later, which restricts the role assignable during form-driven user creation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all Advanced Form Integration form configurations across your WordPress instances to identify any that expose WordPress user-role fields to public form submissions; document affected integrations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40918
GHSA-cp9r-mj2w-vwpx