Leadlovers Forms

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39657 MEDIUM This Month

Leadlovers Forms WordPress plugin versions 1.0.2 and earlier allow unauthenticated remote attackers to bypass access controls and read sensitive information through incorrectly configured authorization checks. The vulnerability exposes confidential data without requiring authentication or user interaction, affecting the forms plugin deployed across WordPress installations. While the EPSS score of 0.02% suggests minimal exploitation probability, the unauthenticated attack vector and lack of user interaction make this a straightforward access control flaw that could enable information disclosure.

Authentication Bypass Leadlovers Forms
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39657
EPSS 0% CVSS 5.3
MEDIUM This Month

Leadlovers Forms WordPress plugin versions 1.0.2 and earlier allow unauthenticated remote attackers to bypass access controls and read sensitive information through incorrectly configured authorization checks. The vulnerability exposes confidential data without requiring authentication or user interaction, affecting the forms plugin deployed across WordPress installations. While the EPSS score of 0.02% suggests minimal exploitation probability, the unauthenticated attack vector and lack of user interaction make this a straightforward access control flaw that could enable information disclosure.

Authentication Bypass Leadlovers Forms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy