What the vulnerability does
01Description
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
Explanation of Vulnerability in Simple Terms
Advanced Form Integration contains a missing authorization check that allows authenticated users to modify form data or settings they should not have access to. An attacker with a low-privilege account can change form configurations, submission data, or other protected resources without proper permission validation. This affects versions up to 1.126.12. Update to a version newer than 1.126.12 to resolve the issue.
What an attacker can do
Modify form data or settings belonging to other users or restricted areas of the plugin.
Potential impact on your site
Form data integrity compromised; unauthorized users can alter forms, submissions, or plugin settings.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources
Related vulnerabilities