CVE-2026-7050: CWE-862 Missing Authorization in rbplugins Forms Rb
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to read form submission records, modify form configuration options, and delete records belonging to any form they do not own.
AI Analysis
Technical Summary
CVE-2026-7050 is an authorization bypass vulnerability (CWE-862) in the Forms Rb WordPress plugin affecting all versions up to 1.1.9. The plugin fails to properly verify that a user is authorized to perform certain actions, enabling authenticated users with contributor-level privileges or higher to access and manipulate form submission data and configuration settings of forms they do not own. This vulnerability does not impact confidentiality but allows limited integrity modification without causing availability issues. No patch or official fix has been documented, and no known exploits have been observed.
Potential Impact
Authenticated users with contributor-level access or higher can bypass authorization controls to read, modify, and delete form submission data and configuration for forms they do not own. This could lead to unauthorized data manipulation and potential disruption of form functionality. There is no impact on confidentiality or availability according to the CVSS vector. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict contributor-level access where possible and monitor for unusual activity related to form submissions and configurations. Avoid granting contributor or higher privileges to untrusted users. Follow updates from the plugin vendor or WordPress security advisories for any forthcoming patches.
CVE-2026-7050: CWE-862 Missing Authorization in rbplugins Forms Rb
Description
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to read form submission records, modify form configuration options, and delete records belonging to any form they do not own.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-7050 is an authorization bypass vulnerability (CWE-862) in the Forms Rb WordPress plugin affecting all versions up to 1.1.9. The plugin fails to properly verify that a user is authorized to perform certain actions, enabling authenticated users with contributor-level privileges or higher to access and manipulate form submission data and configuration settings of forms they do not own. This vulnerability does not impact confidentiality but allows limited integrity modification without causing availability issues. No patch or official fix has been documented, and no known exploits have been observed.
Potential Impact
Authenticated users with contributor-level access or higher can bypass authorization controls to read, modify, and delete form submission data and configuration for forms they do not own. This could lead to unauthorized data manipulation and potential disruption of form functionality. There is no impact on confidentiality or availability according to the CVSS vector. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict contributor-level access where possible and monitor for unusual activity related to form submissions and configurations. Avoid granting contributor or higher privileges to untrusted users. Follow updates from the plugin vendor or WordPress security advisories for any forthcoming patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-04-25T17:55:35.207Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a02e311cbff5d8610bad619
Added to database: 5/12/2026, 8:21:37 AM
Last enriched: 5/12/2026, 8:38:16 AM
Last updated: 5/13/2026, 4:50:50 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.