All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-11562
MEDIUMpublished 2026-07-01 07:16 UTC · 3 days ago · modified 2026-07-01 18:17 UTC
4.3
CVSS / 10
// description
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.