WS Form LITE WordPress Plugin Missing Capability Check Vulnerability in REST API Config Endpoint

Vulnerability

A vulnerability exists in the WS Form LITE WordPress plugin, specifically in versions through 1.10.35. The issue arises from a missing capability check in the 'get_config' function, which is part of the REST API. This flaw allows unauthenticated users to access sensitive plugin settings, including API keys for integrated services.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive information, specifically plugin configuration data and API keys.

Remediation

Users can update to WS Form LITE version 1.10.36 or later to address this vulnerability.
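The missing capability check described above, shown as a generic WordPress REST route next to its hardened form. This is an added example, not WS Form's code: the namespace, route paths, option name and function names are hypothetical, and the choice of the `manage_options` capability is an assumption about who should be allowed to read plugin settings.

```php
<?php
/**
 * Plugin Name: Example Config Endpoint (illustration only, not WS Form code)
 */

// Hypothetical REST namespace, constructed for this example.
const EXAMPLE_NS = 'example-forms/v1';

// Returns the stored plugin settings. Settings of this kind commonly hold
// third-party API keys, so the route needs an authorization gate.
function example_get_config( WP_REST_Request $request ) {
	// 'example_forms_settings' is a hypothetical option name.
	return rest_ensure_response( get_option( 'example_forms_settings', array() ) );
}

// Capability check run by the REST server before the callback is invoked.
// Assumption: only administrators (manage_options) may read the configuration.
function example_can_read_config( WP_REST_Request $request ) {
	if ( ! current_user_can( 'manage_options' ) ) {
		return new WP_Error(
			'rest_forbidden',
			__( 'You are not allowed to read the plugin configuration.' ),
			// 401 for anonymous callers, 403 for logged-in users without the capability.
			array( 'status' => rest_authorization_required_code() )
		);
	}
	return true;
}

add_action( 'rest_api_init', function () {
	// Weak form: '__return_true' lets every caller through, logged in or not,
	// so the settings are returned to unauthenticated requests.
	register_rest_route( EXAMPLE_NS, '/config-open', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_get_config',
		'permission_callback' => '__return_true',
	) );

	// Hardened form: the same callback, gated by a capability check.
	register_rest_route( EXAMPLE_NS, '/config', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_get_config',
		'permission_callback' => 'example_can_read_config',
	) );
} );
```

When auditing other plugins for the same class of flaw, look for routes whose `permission_callback` is `__return_true` or absent while the callback returns settings or credentials.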

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.