CVE-2026-11562 PUBLISHED

WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

Assigner: WPScan
Reserved: 08.06.2026 Published: 01.07.2026 Updated: 01.07.2026

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.

Product Status

Vendor Unknown
Product WS Form LITE
Versions Default: unaffected
  • affected from 0 to 1.11.8 (excl.)

Credits

  • Mustafa Ahmed finder
  • WPScan coordinator

References

Problem Types

  • CWE-287 Improper Authentication CWE