CVE Catalog
CVE-2026-48835
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.31%
22th percentile - higher than 22% of all known CVEs
Summary
In WPForms versions <= 1.10.0.4, there is an issue with unauthenticated access to the contact form, leading to broken access control.
Risk Assessment
Organizations may be exposed to unauthorized access to user data, potentially leading to information leakage.
Recommendation
It is recommended to update WPForms to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

