CVE-2026-2568

🗓️ 03 Mar 2026 09:24:12Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views

Unauthenticated stored cross-site scripting in WP Zendesk for multiple form plugins up to version 1.1.5.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-2568	3 Mar 202609:24	–	attackerkb
Circl	CVE-2026-2568	3 Mar 202611:54	–	circl
CNNVD	WordPress plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms 跨站脚本漏洞	3 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting	3 Mar 202609:24	–	cvelist
EUVD	EUVD-2026-9284	3 Mar 202609:24	–	euvd
NVD	CVE-2026-2568	3 Mar 202610:16	–	nvd
Patchstack	WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability	3 Mar 202608:44	–	patchstack
Positive Technologies	PT-2026-22727	3 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2568	4 Mar 202613:44	–	redhatcve
Vulnrichment	CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting	3 Mar 202609:24	–	vulnrichment

Vulners

Node

crmperks wp_zendesk_for_contact_form_7,_wpforms,_elementor,_formidable_and_ninja_formsRange≤1.1.5wordpress

[
  {
    "vendor": "crmperks",
    "product": "WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.1.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/27d26d1c-d027-4a22-af49-4d7684d36d40
plugins	www.plugins.trac.wordpress.org/changeset/3467904/

17 Jun 2026 10:31Current

6Medium risk

Vulners AI Score6

CVSS 3.17.2

EPSS0.00235

SSVC

CWE-79