WordPress Plugin Vulnerabilities

Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

Description

The plugin does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user role to a public form field. This requires a specific, non-default multi-plugin configuration.
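The class of fix this description implies, as an added example (not code from the plugin or from the advisory): the role taken from a mapped form field is honoured only if it is on a fixed allowlist before the value reaches `wp_insert_user()`. The `afi_example_*` function names, the `$mapped` array shape and the allowlist contents are hypothetical; the WordPress core functions called are real.

```php
<?php
// Added illustration, not Advanced Form Integration's own code.
// afi_example_* names and the $mapped array layout are hypothetical.

/**
 * Resolve the role for a user created from a public form submission.
 * A submitted value is accepted only if it is on a fixed allowlist of
 * low-privilege roles; anything else falls back to a safe default.
 */
function afi_example_resolve_role( $submitted_role ) {
    $allowed = array( 'subscriber' ); // assumption: site-specific allowlist

    $role = is_string( $submitted_role ) ? sanitize_key( $submitted_role ) : '';
    if ( in_array( $role, $allowed, true ) ) {
        return $role;
    }

    // Use the site's default role, but never one that can manage
    // options or promote other users.
    $default  = get_option( 'default_role', 'subscriber' );
    $role_obj = get_role( $default );
    if ( $role_obj
        && ! $role_obj->has_cap( 'manage_options' )
        && ! $role_obj->has_cap( 'promote_users' ) ) {
        return $default;
    }

    return 'subscriber';
}

/**
 * Create a user from integration-mapped form fields.
 * Returns the new user ID or a WP_Error, as wp_insert_user() does.
 */
function afi_example_create_user( array $mapped ) {
    $userdata = array(
        'user_login' => sanitize_user( $mapped['username'] ?? '', true ),
        'user_email' => sanitize_email( $mapped['email'] ?? '' ),
        'user_pass'  => wp_generate_password( 24 ),
        // The form-supplied role never reaches wp_insert_user() unchecked.
        'role'       => afi_example_resolve_role( $mapped['role'] ?? '' ),
    );

    return wp_insert_user( $userdata );
}
```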

Proof of Concept

Affects Plugins

References

Classification

Miscellaneous

Original Researcher: Khaled Alenazi (Nxploited)
Submitter: Khaled Alenazi (Nxploited)
Submitter website:
Verified: Yes

Timeline

Publicly Published: 2026-06-10
Added: 2026-06-10
Last Updated: 2026-06-30

Other