Skip to main content

Advanced Forms

2 CVEs product

Monthly

CVE-2026-57378 HIGH This Week

Broken access control in the Phil Kurth "Advanced Forms" WordPress plugin (all versions up to and including 1.9.3.7) lets remote unauthenticated attackers reach a form-handling function that fails to verify authorization, enabling unauthorized modification of form data or settings. The CVSS 3.1 score is 7.5 with integrity-only impact and no confidentiality or availability loss. Reported by Patchstack; no public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Advanced Forms
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-24892 HIGH POC PATCH This Week

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Advanced Forms
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.8%
EPSS 0% CVSS 7.5
HIGH This Week

Broken access control in the Phil Kurth "Advanced Forms" WordPress plugin (all versions up to and including 1.9.3.7) lets remote unauthenticated attackers reach a form-handling function that fails to verify authorization, enabling unauthorized modification of form data or settings. The CVSS 3.1 score is 7.5 with integrity-only impact and no confidentiality or availability loss. Reported by Patchstack; no public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Advanced Forms
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Advanced Forms
NVD GitHub WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy