PT-2026-41273 · WordPress · Form Notify
Nabil Irawan
·
Published
2026-05-15
·
Updated
2026-05-15
·
CVE-2026-5229
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Form Notify versions prior to 1.1.11
Description
The Form Notify plugin for WordPress allows authentication bypass because it trusts user-controlled cookie data to determine the WordPress account to authenticate following a LINE OAuth login. If LINE does not provide an email address, the plugin uses the value of the
form notify line email cookie without verifying the association between the LINE account and that email. This allows unauthenticated attackers to gain access to any user account, including administrator accounts, by completing a LINE OAuth flow with their own account while injecting a cookie containing the target victim's email address.Recommendations
Update the plugin to a version later than 1.1.10.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Form Notify