Advanced Form Integration Connect Forms To 200 Apps
Monthly
Privilege escalation in the Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 allows unauthenticated visitors to provision a full administrator account through a public form. Because the plugin fails to restrict which WordPress role it assigns during user creation, any site that maps the user-role field to a public form input via an active integration exposes site takeover to anonymous submitters. Publicly available exploit code exists (reported by WPScan), though this is not listed in CISA KEV and requires a specific non-default integration configuration, so real-world exposure is narrower than the 8.1 CVSS suggests.
Privilege escalation in the Advanced Form Integration - Connect Forms to 200+ Apps WordPress plugin before 2.1.1 allows unauthenticated visitors to provision a full administrator account through a public form. Because the plugin fails to restrict which WordPress role it assigns during user creation, any site that maps the user-role field to a public form input via an active integration exposes site takeover to anonymous submitters. Publicly available exploit code exists (reported by WPScan), though this is not listed in CISA KEV and requires a specific non-default integration configuration, so real-world exposure is narrower than the 8.1 CVSS suggests.