CVE Catalog

CVE-2026-11562

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

The WS Form LITE WordPress plugin before version 1.11.8 lacks a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.

Risk Assessment

The risk is that an attacker with low privileges (e.g., subscriber) can alter the plugin configuration, potentially leading to unauthorized data access or further privilege escalation within the WordPress environment.

Recommendation

It is recommended to immediately update the WS Form LITE plugin to version 1.11.8 or later, which includes proper capability checks.

Original NVD description (English source)

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS