Primary

Context

WAH Forms Missing Authorization Vulnerability Allowing Sensitive Data Exposure

Vulnerability

A missing authorization vulnerability in the WAH Forms WordPress plugin, versions through 1.0, allows for the exploitation of improperly configured access control security levels. This vulnerability could lead to unauthorized access to sensitive information that is typically restricted from regular users.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data, which could be used to exploit other vulnerabilities within the system.

Remediation

Patchstack has issued a virtual patch to automatically mitigate this vulnerability for users until an official fix is available. This virtual patch blocks attacks targeting this issue.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WAH Forms Missing Authorization Vulnerability Allowing Sensitive Data Exposure

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating