Skip to main content

Ultra Addons For Wpforms

1 CVEs product

Monthly

CVE-2026-39594 MEDIUM This Month

Broken access control in Ultra Addons for WPForms (WordPress plugin by Themefic) through version 1.0.11 allows authenticated subscriber-level users to perform privileged actions beyond their intended role. The vulnerability stems from missing authorization checks (CWE-862), enabling a low-privilege attacker with only a subscriber account to manipulate plugin functionality in ways restricted to higher-privilege roles such as administrators or editors. With a CVSS 3.1 score of 6.4 Medium and a scope-changed vector, the impact extends beyond the plugin itself to affect WordPress site integrity and availability. No public exploit code and no confirmed active exploitation have been identified at time of analysis.

Authentication Bypass Ultra Addons For Wpforms
NVD
CVSS 3.1
6.4
EPSS
0.3%
EPSS 0% CVSS 6.4
MEDIUM This Month

Broken access control in Ultra Addons for WPForms (WordPress plugin by Themefic) through version 1.0.11 allows authenticated subscriber-level users to perform privileged actions beyond their intended role. The vulnerability stems from missing authorization checks (CWE-862), enabling a low-privilege attacker with only a subscriber account to manipulate plugin functionality in ways restricted to higher-privilege roles such as administrators or editors. With a CVSS 3.1 score of 6.4 Medium and a scope-changed vector, the impact extends beyond the plugin itself to affect WordPress site integrity and availability. No public exploit code and no confirmed active exploitation have been identified at time of analysis.

Authentication Bypass Ultra Addons For Wpforms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy