
Wp Insightly For Contact Form 7 Wpforms Elementor Formidable And Ninja Forms

2 CVEs product

Monthly

CVE-2026-49085 CRITICAL Act Now

Unauthenticated PHP object injection in the WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms WordPress plugin (versions <= 1.1.4) allows remote attackers to deliver crafted serialized payloads that the plugin deserializes without validation. Successful exploitation can lead to remote code execution, data tampering, or full site compromise when a suitable POP (property-oriented programming) gadget chain is available in WordPress core, the active theme, or any installed plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Deserialization Wp Insightly For Contact Form 7 Wpforms Elementor Formidable And Ninja Forms
NVD
CVSS 3.1: 9.8
EPSS: 0.4%
CVE-2026-32527 MEDIUM This Month

WP Insightly plugin versions 1.1.5 and earlier for Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms contain an authorization bypass that allows unauthenticated attackers to modify data through misconfigured access controls. An attacker can exploit this vulnerability to perform unauthorized actions on forms and contacts without proper permissions. No patch is currently available.

Authentication Bypass Wp Insightly For Contact Form 7 Wpforms Elementor Formidable And Ninja Forms
NVD VulDB
CVSS 3.1: 6.5
EPSS: 0.0%