CVE Catalog

CVE-2026-48835

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile - higher than 22% of all known CVEs

Summary

In WPForms versions <= 1.10.0.4, there is an issue with unauthenticated access to the contact form, leading to broken access control.

Risk Assessment

Organizations may be exposed to unauthorized access to user data, potentially leading to information leakage.

Recommendation

It is recommended to update WPForms to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS