Description
Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
Published: 2026-07-02
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated Broken Access Control in the ez Form Calculator Premium plugin allows attackers who do not possess valid credentials to bypass normal permission checks and gain elevated privileges within the plugin. This could enable malicious users to create, modify, or delete forms, read sensitive submission data, or otherwise manipulate the plugin’s functionality without authorization. The weakness is classified as CWE‑862 (Missing Authorization).

Affected Systems

Vendor Keksdieb’s ez Form Calculator Premium plugin, versions up to and including 2.14.1.2, is affected. Any WordPress installation that has these plugin versions deployed is exposed.

Risk and Exploitability

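The CVSS score of 5.3 indicates a medium-severity vulnerability. The published vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) describes a network-reachable, low-complexity attack that needs no privileges or user interaction, rated as low integrity impact with no confidentiality or availability impact. The EPSS score is not available, so the exploitation likelihood cannot be quantified, and the vulnerability is not listed in CISA KEV. The attack vector is inferred to be over the network, by sending crafted HTTP requests to the plugin’s administration or API endpoints, because the plugin is accessed via the web interface and no authentication is required to exploit the access control flaw.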

Generated by OpenCVE AI on July 2, 2026 at 15:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the ez Form Calculator Premium plugin to the latest version (or at least version 2.14.1.3) via the WordPress plugin repository or by manually downloading the patch from the vendor’s site.
  • If no newer version is available, disable or uninstall the plugin immediately to remove the vulnerable code from the site.
  • Configure WordPress user roles to restrict access to the plugin’s admin pages, ensuring only administrators or trusted users can manage forms.
  • Monitor web server and WordPress logs for unusual requests to the plugin’s URLs and investigate any unauthorized access attempts.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
Title | | WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T12:41:08.990Z

Reserved: 2026-06-25T08:04:34.979Z

Link: CVE-2026-57750

Vulnrichment

Updated: 2026-07-02T12:41:05.163Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T15:15:03Z

Weaknesses