Impact
A flaw in the Ultra Addons for WPForms plugin allows users with insufficient privileges to perform actions intended for higher‑level users. This broken access control can lead to unauthorized modifications or exploitation of the plugin’s features, compromising the integrity and availability of the WordPress site.
Affected Systems
The vulnerability affects Themefic’s Ultra Addons for WPForms plugin versions 1.0.11 and earlier. The affected software is installed on WordPress sites that use this plugin.
Risk and Exploitability
The issue carries a CVSS score of 6.4, indicating moderate severity. The EPSS score of less than 1 % suggests exploitation is unlikely at this time, and the vulnerability is not listed in CISA’s KEV catalog. The most probable attack vector is a web‑based request to the plugin’s endpoints, allowing an attacker to bypass intended permissions.
OpenCVE Enrichment