The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder WordPress plugin suffers from a missing authorization check (CWE-862) in all versions up to 1.1.1. This allows authenticated users with subscriber-level privileges or higher to bypass authorization controls and alter form structures by writing arbitrary data to the plugin's FORMS database table. The vulnerability is facilitated by the exposure of an 'ajax-nonce' token on the frontend via wp_localize_script(), which any authenticated user can obtain by visiting a page containing a form shortcode. This flaw does not require elevated privileges beyond subscriber access and does not impact confidentiality or availability but allows integrity compromise of form data.

An attacker with subscriber-level access or higher can modify the structure of any form managed by the plugin, potentially disrupting form functionality or injecting malicious fields. The vulnerability does not affect confidentiality or availability but impacts data integrity within the plugin's forms database table. There are no known exploits in the wild at this time. The CVSS 3.1 base score is 4.3 (medium severity), reflecting low complexity and no user interaction required beyond authentication.

Patch status is not yet confirmed — no official fix or remediation level has been published by the vendor. Users should monitor the vendor's advisory channels for updates and apply any official patches once available. Until a patch is released, restrict subscriber-level access where possible and avoid exposing pages with the form shortcode to untrusted authenticated users. Review and limit user roles and capabilities to reduce risk.