CVE-2026-8692
The CVE covers the Vedrixa Forms – WordPress plugin (versions up to 1.1.1). The issue is an authorization bypass in the AJAX handler (wefb_save_form_structure), allowing authenticated users with subscriber-level access and above to arbitrarily modify form structure by writing attacker-controlled ...