VYPR
Medium severity · 4.3 · NVD Advisory · Published May 22, 2026

CVE-2026-8692

Description

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the structure of any form — adding, removing, or altering fields — by writing attacker-controlled data to the plugin's FORMS database table. The 'ajax-nonce' nonce used by this handler is injected into the public frontend via wp_localize_script(), so any authenticated user who visits a page containing a form shortcode can obtain it without any elevated access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Vedrixa Forms plugin for WordPress allows authenticated subscribers to overwrite form fields due to missing authorization checks and an exposed nonce.

Vulnerability

The Vedrixa Forms plugin for WordPress versions up to and including 1.1.1 contains an authorization bypass vulnerability in its AJAX handler responsible for saving form structure. The plugin fails to verify that the requesting user has the necessary capabilities (e.g., edit_posts or manage_options) before processing the request. Additionally, the ajax-nonce used to protect the handler is exposed on public-facing pages via wp_localize_script(), making it accessible to any authenticated user who visits a page containing a form shortcode [1][3].
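To illustrate the pattern this section describes, here is an added example (not Vedrixa Forms code) of a WordPress AJAX save handler in its weak form beside a hardened one. The action name `vf_save_form`, the table suffix `vf_forms` and the request fields are hypothetical placeholders; only the `ajax-nonce` name is taken from the advisory.

```php
<?php
// Added example, not the plugin's code. 'vf_save_form', 'vf_forms' and the
// request fields are hypothetical; only 'ajax-nonce' comes from the advisory.

// WEAK (the pattern described in the advisory): only the nonce is checked.
// wp_localize_script() already hands that nonce to every visitor of a page
// with the form shortcode, so it proves nothing about who may edit forms.
function vf_save_form_weak() {
    check_ajax_referer( 'ajax-nonce', 'nonce' );      // CSRF token only
    global $wpdb;
    $form_id = absint( $_POST['form_id'] ?? 0 );
    $fields  = wp_unslash( $_POST['fields'] ?? '' );
    $wpdb->update( $wpdb->prefix . 'vf_forms',        // hypothetical table
        array( 'fields' => $fields ), array( 'id' => $form_id ) );
    wp_send_json_success();
}

// HARDENED: a nonce is a CSRF defence, not an authorization check. Verify the
// caller's capability before touching the table, validate the payload, and
// register the handler for logged-in users only (wp_ajax_, not wp_ajax_nopriv_).
function vf_save_form_hardened() {
    check_ajax_referer( 'ajax-nonce', 'nonce' );
    // 'manage_options' restricts editing to administrators; a plugin could
    // register a narrower custom capability instead.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 ); // dies
    }
    global $wpdb;
    $form_id = absint( $_POST['form_id'] ?? 0 );
    $fields  = json_decode( wp_unslash( $_POST['fields'] ?? '' ), true );
    if ( ! $form_id || ! is_array( $fields ) ) {
        wp_send_json_error( array( 'message' => 'Invalid input' ), 400 );
    }
    $updated = $wpdb->update(
        $wpdb->prefix . 'vf_forms',
        array( 'fields' => wp_json_encode( $fields ) ),
        array( 'id' => $form_id ),
        array( '%s' ),   // data format
        array( '%d' )    // where format
    );
    if ( false === $updated ) {
        wp_send_json_error( array( 'message' => 'Database error' ), 500 );
    }
    wp_send_json_success( array( 'updated' => $updated ) );
}
add_action( 'wp_ajax_vf_save_form', 'vf_save_form_hardened' );
```

The capability check is what separates the two: with it, a subscriber who holds the public nonce still receives a 403 instead of a write to the forms table.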

Exploitation

An authenticated attacker with subscriber-level access or higher can obtain the nonce by simply visiting any page that displays a form built with the plugin. The attacker then sends a crafted AJAX request to the vulnerable handler, supplying the nonce and arbitrary form field data. The handler writes this data directly to the plugin's FORMS database table without any capability check, allowing the attacker to add, modify, or delete fields in any existing form [1].

Impact

Successful exploitation allows an attacker to alter the structure of any form managed by the plugin. This can lead to data integrity issues, as form fields can be changed to collect unintended information, or fields can be removed causing data loss. The attacker does not gain administrative privileges but can compromise the functionality and trustworthiness of forms used on the site.

Mitigation

As of the publication date (2026-05-22), no fixed version has been released. Users should disable the plugin until a patch is available. The vendor has not yet provided a workaround. The vulnerability affects all versions up to 1.1.1 inclusive [1][3].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 8

News mentions: 0 (no linked articles in our index yet)