🔐 CVE Alert

CVE-2026-11794

UNKNOWN 0.0

Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user role to a public form field. This requires a specific, non-default multi-Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 configuration.

Vendor unknown
Product advanced form integration — connect forms to 200+ apps
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for unknown advanced form integration — connect forms to 200+ apps

Be the first to know when new unknown vulnerabilities affecting unknown advanced form integration — connect forms to 200+ apps are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Advanced Form Integration — Connect Forms to 200+ Apps
0 < 2.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wpscan.com: https://wpscan.com/vulnerability/614b9517-d6d5-499f-8172-280280a312b2/

Credits

Khaled Alenazi (Nxploited) WPScan