Threat Entry Updated 2026-04-15

CVE-2026-3642 - E Shot Form Builder Plugin

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot_form_builder_update_field_data() AJAX handler lacks any capability checks (current_user_can()) or nonce verification (check_ajax_referer()/wp_verify_nonce()). The function is registered via the wp_ajax_ hook, making it accessible to any authenticated user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify form field configurations including mandatory status, field visibility, and form display preferences via the eshot_form_builder_update_field_data AJAX action.

PLUGIN E Shot Form Builder

CVE-2026-3642

MEDIUM CVSS 5.3 2026-04-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-03-23

CVE-2026-3546 - E Shot Form Builder Plugin

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks any capability check (e.g., current_user_can('manage_options')) and does not verify a nonce. It directly queries the database for the e-shot API token stored in the eshotformbuilder_control table and returns it along with all subaccount data as a JSON response. This makes it possible for authenticated attackers, with Subscriber-level access and above, to…

PLUGIN E Shot Form Builder

CVE-2026-3546

MEDIUM CVSS 5.3 2026-03-21

Risk Score

Open Full Technical Breakdown