Medium severity5.3NVD Advisory· Published Apr 25, 2025· Updated Jun 17, 2026
CVE-2025-3912
CVE-2025-3912
Description
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.10.35
Patches
Vulnerability mechanics
References
6- plugins.trac.wordpress.org/browser/ws-form/trunk/api/class-ws-form-api.phpnvd
- plugins.trac.wordpress.org/browser/ws-form/trunk/includes/class-ws-form-common.phpnvd
- plugins.trac.wordpress.org/browser/ws-form/trunk/includes/class-ws-form-config.phpnvd
- plugins.trac.wordpress.org/browser/ws-form/trunk/ws-form.phpnvd
- plugins.trac.wordpress.org/changeset/3280355/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/3f6058e2-a5ec-43b2-9cb7-9efcf0853ffcnvd
News mentions
0No linked articles in our index yet.