CVE-2026-32484
Deserialization Object Injection in BoldGrid weForms
Publication date: 2026-03-25
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boldgrid | weforms | to 1.6.26 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32484 is a high-priority PHP Object Injection vulnerability found in the WordPress weForms plugin versions up to and including 1.6.26.
This vulnerability arises from deserialization of untrusted data, allowing attackers to inject malicious PHP objects.
Exploitation requires some user interaction, such as clicking a malicious link, visiting a crafted page, or submitting a form, and may involve a privileged user performing an action.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can lead to severe impacts including code injection, SQL injection, path traversal, denial of service, and other critical security issues.
Because it allows PHP Object Injection, attackers can potentially execute arbitrary code or manipulate the system in harmful ways if a suitable Property Oriented Programming (POP) chain is available.
This makes the vulnerability highly dangerous and capable of mass exploitation across many websites regardless of their traffic or popularity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability affects WordPress weForms plugin versions up to and including 1.6.26 and involves PHP Object Injection. Detection involves identifying if the vulnerable plugin version is installed.
Since the vulnerability requires user interaction with crafted links, pages, or forms, monitoring for unusual requests or suspicious form submissions related to the weForms plugin could help detect exploitation attempts.
Specific commands are not provided in the available resources, but general detection steps include checking the installed plugin version via WordPress CLI or file inspection.
- Use WP-CLI to check the installed version: wp plugin list | grep weforms
- Inspect plugin files or version.php to confirm the version number.
- Monitor web server logs for suspicious POST requests or unusual URL parameters targeting the weForms plugin.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to immediately update the WordPress weForms plugin to version 1.6.27 or later, where the vulnerability is patched.
If immediate updating is not possible, apply the automatic mitigation rule provided by Patchstack to block attacks targeting this vulnerability.
Users unable to update or apply mitigations should seek assistance from their hosting provider or web developer.
Additionally, monitoring and restricting user interactions that could trigger the vulnerability (such as clicking malicious links or submitting crafted forms) can reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-32484 vulnerability in the BoldGrid weForms plugin directly affects compliance with common standards and regulations such as GDPR or HIPAA.