CVE-2026-11794
Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user role to a public form field. This requires a specific, non-default multi-Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 configuration.
| Vendor | unknown |
| Product | advanced form integration — connect forms to 200+ apps |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown advanced form integration — connect forms to 200+ apps
Be the first to know when new unknown vulnerabilities affecting unknown advanced form integration — connect forms to 200+ apps are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Unknown / Advanced Form Integration — Connect Forms to 200+ Apps
0 < 2.1.1
References
Credits
Khaled Alenazi (Nxploited) WPScan