CVE-2026-11562
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authentica
CVSS
4.3
Medium
EPSS
0.2%
p6
KEV
—
Exploit Today
2
0-100
Published: Jul 1, 2026 · Last modified: Jul 1, 2026
0.2%EPSS · 30 days0.2%
2026-07-012026-07-17
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.
No related CVEs by CWE or product.