Vulnerabilities and security researches forforms-rb forms-rb

May 14, 2026

CVE, Research URL: CVE-2026-7050
Home page URL: Security reports for Forms Rb
Application: Forms Rb
Date: May 12, 2026
Research Description: The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and above, to read form submission records, modify form configuration options, and delete records belonging to any form they do not own.
Affected versions: max 1.1.9.
Status: vulnerable