CVE-2026-32527
Received Received - Intake
Missing Authorization in WP Insightly Plugin Affects Multiple Form Builders

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32527
EUVD
EUVD-2026-15893
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
crm_perks wp_insightly_for_contact_form_7 to 1.1.5 (inc)
wpforms wpforms to 1.1.5 (inc)
elementor elementor to 1.1.5 (inc)
formidable formidable to 1.1.5 (inc)
ninja_forms ninja_forms to 1.1.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32527 is a Missing Authorization vulnerability in the WordPress plugin "WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms" versions up to and including 1.1.5.

This vulnerability is a Broken Access Control issue caused by missing authorization, authentication, or nonce token checks in certain functions of the plugin.

It allows unprivileged users, such as subscribers or developers, to perform actions that should be restricted to higher privileged roles.

The issue falls under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions within the affected WordPress plugin.

Such unauthorized actions can lead to potential compromise of website functionality or data integrity.

Because the vulnerability can be exploited by low-privilege users, it increases the risk of mass exploitation campaigns targeting many websites.

If exploited, it could result in unauthorized access or manipulation of contact form data or other plugin-related features.

Users are strongly advised to update to version 1.1.6 or later to mitigate this risk.

Detection Guidance

This vulnerability arises from missing authorization, authentication, or nonce token checks in certain functions of the WP Insightly plugin, allowing unprivileged users to perform restricted actions.

Detection can involve monitoring for unusual or unauthorized access attempts to the plugin's endpoints or functions, especially those that should require higher privilege levels.

While specific commands are not provided, network administrators can use web server logs or intrusion detection systems to look for suspicious POST or GET requests targeting the plugin's URLs or parameters.

Additionally, scanning the installed plugin version to verify if it is at or below 1.1.5 can help identify vulnerable installations.

Mitigation Strategies

The primary immediate step is to update the WP Insightly plugin to version 1.1.6 or later, which contains the patch for this broken access control vulnerability.

For those unable to update immediately, applying the mitigation rule provided by Patchstack can block exploitation attempts until the plugin is patched.

Enabling automatic updates for vulnerable plugins and using continuous security intelligence services can also help protect WordPress sites from exploitation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32527. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart