What the vulnerability does
01Description
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
What the vulnerability does
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
Explanation of Vulnerability in Simple Terms
Ultra Addons for WPForms versions up to 1.0.11 lack proper authorization checks, allowing authenticated users with low privileges to modify or disable site functionality. The vulnerability affects multiple components due to scope change, meaning the impact extends beyond the plugin itself. Site administrators should update to a version newer than 1.0.11.
What an attacker can do
Modify or disable WPForms functionality and potentially affect other site components.
Potential impact on your site
Low-privilege users can alter form behavior or disable features without authorization.
Conditions required to exploit
Attacker must have a low-privilege WordPress user account (e.g., subscriber or contributor).
Key dates
External resources
Related vulnerabilities