PT-2026-22899 · WordPress · Gutena Forms
Youssef Elouaer
·
Published
2026-03-04
·
Updated
2026-03-04
·
CVE-2026-1674
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress versions up to and including 1.6.0
Description
The Gutena Forms plugin for WordPress is susceptible to unauthorized data modification. A missing authorization check within the
save gutena forms schema() function allows authenticated attackers with Contributor-level access or higher to update option values. This can lead to denial of service by creating errors on the site or enabling features that are explicitly disabled, such as site user registration.Recommendations
Versions prior to and including 1.6.0 should be updated.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gutena Forms