JetFormBuilder WordPress Plugin Missing Authorization Vulnerability in AI Form Generation

Vulnerability

The JetFormBuilder WordPress plugin, in versions up to and including 3.5.3, does not perform proper capability checks in the 'run_callback' function. As a result, unauthenticated users can generate forms using AI. Doing so consumes the site's AI usage limits.

Impact

Exploitation of this vulnerability allows for unauthorized form generation using AI, which can deplete the site's allocated AI usage resources.

Remediation

Users are advised to update the JetFormBuilder plugin to version 3.5.4 or a newer patched version.
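
To confirm whether an installation still needs this update, the following added example (not part of the advisory and not the plugin's own code) reads the standard WordPress plugin header from a plugin directory and compares the version against the fixed release. It assumes any version below 3.5.4 is affected and that the plugin is identified by its "Plugin Name" header; the function names and the sample header are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 5, 4)      # first patched release named in the advisory
HEADER_BYTES = 8192    # WordPress reads plugin headers from the first 8 KB

# Constructed sample header, not copied from the plugin.
SAMPLE = """<?php
/**
 * Plugin Name: JetFormBuilder
 * Version: 3.5.3
 */
"""

def parse_header(text):
    """Extract 'Plugin Name' and 'Version' from a plugin main-file header."""
    fields = {}
    for key in ("Plugin Name", "Version"):
        m = re.search(r"^(?:[ \t]*<\?php)?[ \t/*#@]*" + re.escape(key) + r":(.*)$",
                      text[:HEADER_BYTES], re.M | re.I)
        if m:
            # Drop a trailing comment close or PHP close tag, as WordPress does.
            fields[key] = re.sub(r"\s*(?:\*/|\?>).*", "", m.group(1)).strip()
    return fields

def is_affected(version):
    """True if below FIXED, False if not, None if the version is unparseable."""
    m = re.match(r"\d+(?:\.\d+)*", version or "")
    if not m:
        return None
    # Assumption: anything that sorts below 3.5.4 (e.g. 3.5.3.1) is treated as affected.
    return tuple(int(p) for p in m.group().split(".")) < FIXED

def audit(plugin_dir):
    """Check the top-level PHP files of one plugin directory."""
    findings = []
    for php in sorted(Path(plugin_dir).glob("*.php")):
        hdr = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if "jetformbuilder" in hdr.get("Plugin Name", "").lower().replace(" ", ""):
            findings.append((php.name, hdr.get("Version"), is_affected(hdr.get("Version"))))
    return findings

if __name__ == "__main__":
    # Usage: python check_jfb.py /path/to/wp-content/plugins/<plugin-dir>
    for name, version, affected in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        state = {True: "AFFECTED", False: "patched", None: "UNKNOWN"}[affected]
        print(f"{name}: version {version} -> {state}")
```

An UNKNOWN result means the version header was missing or not numeric and the installation should be checked by hand.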

Added: Dec 16, 2025, 8:20 AM
Updated: Dec 16, 2025, 3:10 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 9.0
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.