The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.
Metrics
Affected Vendors & Products
References
History
Thu, 02 Jul 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-284 CWE-732 |
Wed, 01 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-285 |
Wed, 01 Jul 2026 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-285 |
Wed, 01 Jul 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Wed, 01 Jul 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings. | |
| Title | WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-01T10:20:02.352Z
Reserved: 2026-06-08T07:53:35.591Z
Link: CVE-2026-11562
Updated: 2026-07-01T10:19:58.639Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-02T08:15:04Z