Integration For Keap Infusionsoft And Contact Form 7 Wpforms Elementor Formidable Ninja Forms
Monthly
Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms' (versions 1.2.1 and earlier) allows remote attackers to inject crafted serialized objects that can be deserialized by the plugin, potentially leading to full site compromise. No public exploit identified at time of analysis, but the CVSS 9.8 score and unauthenticated network attack vector make this a high priority for any WordPress site running the affected plugin. EPSS and CISA KEV data were not provided in the input, so real-world exploitation prevalence is undetermined.
Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms' (versions 1.2.1 and earlier) allows remote attackers to inject crafted serialized objects that can be deserialized by the plugin, potentially leading to full site compromise. No public exploit identified at time of analysis, but the CVSS 9.8 score and unauthenticated network attack vector make this a high priority for any WordPress site running the affected plugin. EPSS and CISA KEV data were not provided in the input, so real-world exploitation prevalence is undetermined.