CVE-2026-11794
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when
CVSS
8.1
Alto
EPSS
0.2%
p15
KEV
—
Exploit Today
4
0-100
Publicado: 1 jul 2026 · Última mod.: 1 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-012026-07-18
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user role to a public form field. This requires a specific, non-default multi-Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 configuration.
Sin CVEs relacionados por CWE o producto.