Wp Zendesk For Contact Form 7 Wpforms Elementor Formidable And Ninja Forms
Monthly
Unauthenticated PHP Object Injection in the CRM Perks 'WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms' WordPress plugin (versions 1.1.4 and earlier) allows remote attackers to inject crafted serialized PHP objects into the application, potentially leading to remote code execution, data theft, or site takeover when a suitable POP gadget chain is present. The flaw is reported by Patchstack and carries a 9.8 CVSS score with network-reachable, no-privilege, no-interaction characteristics. No public exploit identified at time of analysis.
Unauthenticated PHP Object Injection in the CRM Perks 'WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms' WordPress plugin (versions 1.1.4 and earlier) allows remote attackers to inject crafted serialized PHP objects into the application, potentially leading to remote code execution, data theft, or site takeover when a suitable POP gadget chain is present. The flaw is reported by Patchstack and carries a 9.8 CVSS score with network-reachable, no-privilege, no-interaction characteristics. No public exploit identified at time of analysis.