CVE-2026-11562
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
The WS Form LITE WordPress plugin before version 1.11.8 lacks a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the plugin's settings.
Risk Assessment
The risk is that an attacker with low privileges (e.g., subscriber) can alter the plugin configuration, potentially leading to unauthorized data access or further privilege escalation within the WordPress environment.
Recommendation
It is recommended to immediately update the WS Form LITE plugin to version 1.11.8 or later, which includes proper capability checks.
Original NVD description (English source)
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.

