Threat Entry Updated 2026-03-04

CVE-2026-1674 - And Custom Form Builder Plugin

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to update option values to a structured array value on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or…

PLUGIN And Custom Form Builder

CVE-2026-1674

MEDIUM CVSS 6.5 2026-03-04

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-01-08

CVE-2024-12112 - And Custom Form Builder Plugin

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN And Custom Form Builder

CVE-2024-12112

MEDIUM CVSS 6.4 2025-01-08

Risk Score

Open Full Technical Breakdown