CVE-2026-7050
Authorization Bypass in Forms Rb WordPress Plugin
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| forms_rb | forms_rb | to 1.1.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows attackers with contributor-level access or above to access and manipulate form data they should not have permission to handle.
- They can read sensitive form submission records.
- They can modify form configuration options, potentially altering how forms behave.
- They can delete records belonging to any form, leading to data loss.
Can you explain this vulnerability to me?
The Forms Rb plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 1.1.9. This means the plugin does not properly verify whether a user is authorized to perform certain actions.
As a result, authenticated users with contributor-level access or higher can read form submission records, modify form configuration options, and delete records for any form they do not own.