CVE-2026-6222

Published: Mag 07, 2026 Last Modified: Mag 07, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_Page` (admin/abstracts/class-admin-module-edit-page.php) dispatching sensitive module-management actions — including export, delete, clone, delete-entries, publish/draft, and bulk variants — after only a nonce check, without ever verifying that the current user holds the `manage_forminator_modules` capability. The nonce used (`forminator_form_request`) is unconditionally embedded in the global `forminatorData` JavaScript object and localized on every Forminator admin page, including Templates and Reports pages accessible to users who explicitly lack module-management permissions. Because `processRequest()` is invoked during the `admin_menu` action hook — which fires before WordPress enforces page-level capability checks — a user whose Forminator role is restricted to Templates or Reports can craft a valid POST request targeting any published module and successfully trigger the vulnerable actions. This makes it possible for authenticated attackers with subscriber-level access (or any custom low-privilege Forminator role) to export the complete internal configuration of arbitrary forms/polls/quizzes (including notification routing, integration credentials, and conditional logic), delete modules, delete all submissions/votes, clone modules, or bulk-change publish/draft status.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 2 Days)

862

Missing Authorization

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control Availability
Potential Impacts:
Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)
Applicable Platforms
Technologies: AI/ML, Database Server, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
https://plugins.trac.wordpress.org/browser/forminator/tags/…
https://plugins.trac.wordpress.org/browser/forminator/tags/1.51.1/admin/abstrac…
https://plugins.trac.wordpress.org/browser/forminator/tags/…
https://plugins.trac.wordpress.org/browser/forminator/tags/1.51.1/admin/abstrac…
https://plugins.trac.wordpress.org/browser/forminator/tags/…
https://plugins.trac.wordpress.org/browser/forminator/tags/1.51.1/admin/classes…
https://plugins.trac.wordpress.org/browser/forminator/tags/…
https://plugins.trac.wordpress.org/browser/forminator/tags/1.52/admin/abstracts…
https://plugins.trac.wordpress.org/browser/forminator/trunk…
https://plugins.trac.wordpress.org/browser/forminator/trunk/admin/abstracts/cla…
https://plugins.trac.wordpress.org/browser/forminator/trunk…
https://plugins.trac.wordpress.org/browser/forminator/trunk/admin/abstracts/cla…
https://plugins.trac.wordpress.org/browser/forminator/trunk…
https://plugins.trac.wordpress.org/browser/forminator/trunk/admin/classes/class…
https://www.wordfence.com/threat-intel/vulnerabilities/id/e…
https://www.wordfence.com/threat-intel/vulnerabilities/id/e860aa70-b8ef-4b2a-a0…