Skip to main content

Advanced Form Integration Connect Forms To 200 Apps

1 CVEs product

Monthly

CVE-2026-11794 HIGH POC PATCH This Week

Privilege escalation in the Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 allows unauthenticated visitors to provision a full administrator account through a public form. Because the plugin fails to restrict which WordPress role it assigns during user creation, any site that maps the user-role field to a public form input via an active integration exposes site takeover to anonymous submitters. Publicly available exploit code exists (reported by WPScan), though this is not listed in CISA KEV and requires a specific non-default integration configuration, so real-world exposure is narrower than the 8.1 CVSS suggests.

WordPress Information Disclosure Advanced Form Integration Connect Forms To 200 Apps
NVD WPScan VulDB
CVSS 3.1
8.1
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Privilege escalation in the Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 allows unauthenticated visitors to provision a full administrator account through a public form. Because the plugin fails to restrict which WordPress role it assigns during user creation, any site that maps the user-role field to a public form input via an active integration exposes site takeover to anonymous submitters. Publicly available exploit code exists (reported by WPScan), though this is not listed in CISA KEV and requires a specific non-default integration configuration, so real-world exposure is narrower than the 8.1 CVSS suggests.

WordPress Information Disclosure Advanced Form Integration Connect Forms To 200 Apps
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy