Gutenverse Form < 2.3.2 – Missing Authorization | CVE 2025-68511 | Plugin Vulnerabilities

Description

The Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

gutenverse-form

Fixed in 2.3.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d2f7f4dd-097e-4ee7-b430-a9e7b5323a1b

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

daroo

Verified

No

WPVDB ID

76d7c7e0-5b03-44a1-8423-a955c66540a9

Timeline

Publicly Published

2025-12-20 (about 4 months ago)

Added

2026-01-06 (about 4 months ago)

Last Updated

2026-01-06 (about 4 months ago)

Other

Published

Title

Published

2025-11-03

Title

Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Post Creation

Published

2026-05-02

Title

Flipmart <= 2.8 - Missing Authorization

Published

2025-10-08

Title

Salient Core < 3.0.9 - Missing Authorization

Published

2026-02-03

Title

WebPurify Profanity Filter < 4.0.3 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options

Published

2026-05-11

Title

Forms Rb <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via 'form_id' Parameter