CVE-2026-5229: CWE-287 Improper Authentication in m615926 Receive Notifications After Form Submitting – Form Notify for Any Forms
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address (which is common), the plugin falls back to reading the 'form_notify_line_email' cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim's email address.
AI Analysis
Technical Summary
CVE-2026-5229 is an authentication bypass vulnerability in the Form Notify WordPress plugin caused by trusting user-controlled cookie data ('form_notify_line_email') to authenticate users after a LINE OAuth login. If LINE does not supply an email address, the plugin falls back to this cookie without verifying that the LINE account corresponds to the email, enabling attackers to gain unauthorized access to any user account by injecting a malicious cookie and completing the OAuth flow with their own LINE account.
Potential Impact
Successful exploitation allows unauthenticated attackers to fully compromise any user account on the affected WordPress site, including administrator accounts. This leads to complete confidentiality, integrity, and availability loss for the affected site due to unauthorized access and control.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users should monitor the vendor's advisory channels for updates. Until a fix is released, consider disabling the Form Notify plugin or restricting its use to trusted environments. Avoid relying on LINE OAuth login in this plugin as a sole authentication mechanism.
CVE-2026-5229: CWE-287 Improper Authentication in m615926 Receive Notifications After Form Submitting – Form Notify for Any Forms
Description
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address (which is common), the plugin falls back to reading the 'form_notify_line_email' cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim's email address.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-5229 is an authentication bypass vulnerability in the Form Notify WordPress plugin caused by trusting user-controlled cookie data ('form_notify_line_email') to authenticate users after a LINE OAuth login. If LINE does not supply an email address, the plugin falls back to this cookie without verifying that the LINE account corresponds to the email, enabling attackers to gain unauthorized access to any user account by injecting a malicious cookie and completing the OAuth flow with their own LINE account.
Potential Impact
Successful exploitation allows unauthenticated attackers to fully compromise any user account on the affected WordPress site, including administrator accounts. This leads to complete confidentiality, integrity, and availability loss for the affected site due to unauthorized access and control.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users should monitor the vendor's advisory channels for updates. Until a fix is released, consider disabling the Form Notify plugin or restricting its use to trusted environments. Avoid relying on LINE OAuth login in this plugin as a sole authentication mechanism.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-03-31T13:24:44.823Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a06de9aec166c07b0e66a10
Added to database: 5/15/2026, 8:51:38 AM
Last enriched: 5/15/2026, 9:10:11 AM
Last updated: 5/16/2026, 6:27:18 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.