CVE-2026-3546: CWE-202 Exposure of Sensitive Information Through Data Queries in forfront e-shot
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks any capability check (e.g., current_user_can('manage_options')) and does not verify a nonce. It directly queries the database for the e-shot API token stored in the eshotformbuilder_control table and returns it along with all subaccount data as a JSON response. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the e-shot API token and subaccount information, which could then be used to access the victim's e-shot platform account.
AI Analysis
Technical Summary
CVE-2026-3546 is a vulnerability in the forfront e-shot WordPress plugin (versions up to 1.0.2) where the AJAX handler eshot_form_builder_get_account_data() is accessible to all authenticated users without capability or nonce checks. This function queries the database for the e-shot API token and subaccount information and returns it in a JSON response. Because of the lack of access control, any authenticated user, including those with Subscriber-level privileges, can extract sensitive API credentials and subaccount data, potentially compromising the associated e-shot platform account.
Potential Impact
Authenticated attackers with minimal privileges (Subscriber-level and above) can obtain the e-shot API token and subaccount information. This exposure could lead to unauthorized access to the victim's e-shot platform account, potentially allowing data disclosure or manipulation within that platform. There is no indication of impact on system integrity or availability from this vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict authenticated user roles to trusted individuals only and consider disabling or restricting the e-shot plugin if possible. Monitor for updates from the vendor for an official fix or temporary mitigation.
CVE-2026-3546: CWE-202 Exposure of Sensitive Information Through Data Queries in forfront e-shot
Description
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks any capability check (e.g., current_user_can('manage_options')) and does not verify a nonce. It directly queries the database for the e-shot API token stored in the eshotformbuilder_control table and returns it along with all subaccount data as a JSON response. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the e-shot API token and subaccount information, which could then be used to access the victim's e-shot platform account.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-3546 is a vulnerability in the forfront e-shot WordPress plugin (versions up to 1.0.2) where the AJAX handler eshot_form_builder_get_account_data() is accessible to all authenticated users without capability or nonce checks. This function queries the database for the e-shot API token and subaccount information and returns it in a JSON response. Because of the lack of access control, any authenticated user, including those with Subscriber-level privileges, can extract sensitive API credentials and subaccount data, potentially compromising the associated e-shot platform account.
Potential Impact
Authenticated attackers with minimal privileges (Subscriber-level and above) can obtain the e-shot API token and subaccount information. This exposure could lead to unauthorized access to the victim's e-shot platform account, potentially allowing data disclosure or manipulation within that platform. There is no indication of impact on system integrity or availability from this vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict authenticated user roles to trusted individuals only and consider disabling or restricting the e-shot plugin if possible. Monitor for updates from the vendor for an official fix or temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-03-04T18:26:18.273Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69be1810f4197a8e3b78437c
Added to database: 3/21/2026, 4:01:20 AM
Last enriched: 4/9/2026, 6:48:31 PM
Last updated: 5/5/2026, 2:33:03 AM
Views: 34
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.