Skip to main content

Ws Form Lite

1 CVEs product

Monthly

CVE-2026-11562 MEDIUM POC PATCH This Month

Missing capability check in WS Form LITE WordPress plugin before 1.11.8 allows any authenticated subscriber-level WordPress user to modify the plugin's settings, an action that should be restricted to administrators. The CVSS vector (PR:L) confirms low-privilege authentication is sufficient, and a publicly available proof-of-concept has been documented by WPScan. No active exploitation has been confirmed by CISA KEV, but the low barrier to exploitation and available POC make this a credible risk on multi-user WordPress installations where untrusted subscribers exist.

WordPress Information Disclosure Ws Form Lite
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Missing capability check in WS Form LITE WordPress plugin before 1.11.8 allows any authenticated subscriber-level WordPress user to modify the plugin's settings, an action that should be restricted to administrators. The CVSS vector (PR:L) confirms low-privilege authentication is sufficient, and a publicly available proof-of-concept has been documented by WPScan. No active exploitation has been confirmed by CISA KEV, but the low barrier to exploitation and available POC make this a credible risk on multi-user WordPress installations where untrusted subscribers exist.

WordPress Information Disclosure Ws Form Lite
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy