Description
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Plugin Data
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is a Missing Authorization flaw that allows an attacker to manipulate or gain access to the plugin's data handling features. As a result, attackers could read or modify entries made through Contact Form 7, WPForms, Elementor, Formidable or Ninja Forms, potentially exposing sensitive user information or altering form behaviour. The weakness is catalogued as CWE-862 and is rated Medium on the CVSS scale.

Affected Systems

The flaw affects the CRM Perks WP Insightly plugin for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms. Any installation using version 1.1.5 or earlier is at risk. Upgrading to a newer release mitigates the issue.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web-based, as the flaw can be triggered by any user who can interact with the affected forms on the site. Exploiting the incorrectly configured access control levels is possible without administrative privileges, making the risk more significant for sites with permissive user roles.

Generated by OpenCVE AI on March 26, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Insightly to the latest version that addresses the broken access control flaw.
  • If no patch is available, restrict plugin capabilities to the minimum necessary user roles and review custom role settings.
  • Continuously monitor the plugin’s update log and apply any subsequent security patches as soon as they are released.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 17:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Crmperks
  Crmperks wp Insightly For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms
  Wordpress
  Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Crmperks
  Crmperks wp Insightly For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms
  Wordpress
  Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5.

Type: Title
Values Removed: (none)
Values Added: WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T16:26:39.025Z

Reserved: 2026-03-12T11:12:19.949Z

Link: CVE-2026-32527

Vulnrichment

Updated: 2026-03-26T16:26:35.671Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T17:17:05.897

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32527

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:30:41Z

Weaknesses