CVE-2026-1674: CWE-862 Missing Authorization in saadiqbal Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to update option values to a structured array value on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values, that would, for example enable site user registration when it is explicitly disabled.
AI Analysis
Technical Summary
The Gutena Forms plugin for WordPress, which includes Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder features, suffers from a missing authorization vulnerability (CWE-862) in the save_gutena_forms_schema() function. Authenticated attackers with at least Contributor privileges can update structured option values on the site, potentially causing site errors or changing configuration settings such as enabling user registration. This vulnerability affects all versions up to and including 1.6.0.
Potential Impact
Exploitation requires authenticated access with Contributor-level permissions or higher. Successful exploitation can result in unauthorized modification of site options, potentially causing denial of service through site errors or altering site behavior such as enabling user registration against administrator intent. There is no direct confidentiality or availability impact beyond these effects. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Contributor-level access carefully and monitor for unusual changes to site options. Avoid granting Contributor or higher privileges to untrusted users. Review plugin updates regularly for a patch addressing this issue.
CVE-2026-1674: CWE-862 Missing Authorization in saadiqbal Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
Description
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to update option values to a structured array value on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values, that would, for example enable site user registration when it is explicitly disabled.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Gutena Forms plugin for WordPress, which includes Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder features, suffers from a missing authorization vulnerability (CWE-862) in the save_gutena_forms_schema() function. Authenticated attackers with at least Contributor privileges can update structured option values on the site, potentially causing site errors or changing configuration settings such as enabling user registration. This vulnerability affects all versions up to and including 1.6.0.
Potential Impact
Exploitation requires authenticated access with Contributor-level permissions or higher. Successful exploitation can result in unauthorized modification of site options, potentially causing denial of service through site errors or altering site behavior such as enabling user registration against administrator intent. There is no direct confidentiality or availability impact beyond these effects. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Contributor-level access carefully and monitor for unusual changes to site options. Avoid granting Contributor or higher privileges to untrusted users. Review plugin updates regularly for a patch addressing this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-01-30T01:38:03.875Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a81880d1a09e29cb2f5309
Added to database: 3/4/2026, 11:33:20 AM
Last enriched: 4/9/2026, 6:32:22 PM
Last updated: 4/18/2026, 4:30:07 PM
Views: 79
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.