WordPress Plugin Vulnerabilities

WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

Description

The plugin does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.

Proof of Concept

Affects Plugins

Fixed in 1.11.8

References

Classification

Miscellaneous

Original Researcher
Mustafa Ahmed
Submitter
Mustafa Ahmed
Submitter website
Verified
Yes

Timeline

Publicly Published
2026-06-10 (about 21 days ago)
Added
2026-06-10 (about 20 days ago)
Last Updated
2026-06-10 (about 20 days ago)

Other