Gutena Forms WordPress Plugin Arbitrary Options Update Vulnerability
Vulnerability
A vulnerability exists in the Gutena Forms WordPress plugin in versions prior to 1.6.1, where the plugin fails to properly validate options before they are updated. This flaw enables users with the Contributor role and above to modify arbitrary boolean and array options, such as 'users_can_register'.
Impact
Exploitation of this vulnerability allows for unauthorized modification of specific WordPress options, which could lead to broader security issues depending on the options changed.
Reproduction
To reproduce this vulnerability, a user with a Contributor role can insert a specific Gutena Forms block into a post. This block can be configured to target the 'users_can_register' option, effectively changing its value.
Remediation
Users are advised to update the Gutena Forms WordPress plugin to version 1.6.1 or later.
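As a stopgap until the update is applied, a site can refuse changes to sensitive options unless an administrator makes them. The must-use plugin below is an added example, not code from Gutena Forms or from this advisory. The function and constant names are hypothetical, and it assumes the file is placed in wp-content/mu-plugins/.

```php
<?php
/**
 * Plugin Name: Guard Sensitive Options (added example)
 * Description: Rejects changes to selected options unless made by an administrator.
 */

// Options only administrators may change. 'users_can_register' is the option
// named in the advisory; extend this list to suit the site (assumption).
const EXAMPLE_GUARDED_OPTIONS = array( 'users_can_register' );

/**
 * Runs on the core 'pre_update_option' filter, before update_option() writes.
 * Returning the old value makes update_option() treat the call as a no-op.
 */
function example_guard_sensitive_option( $value, $option, $old_value ) {
    if ( ! in_array( $option, EXAMPLE_GUARDED_OPTIONS, true ) ) {
        return $value; // Not a guarded option.
    }

    // WP-CLI has no logged-in user; treat shell access as trusted.
    if ( defined( 'WP_CLI' ) && WP_CLI ) {
        return $value;
    }

    // Very early in bootstrap the user API is not loaded yet, so no
    // request-driven handler can be running; let the change through.
    if ( ! function_exists( 'wp_get_current_user' ) ) {
        return $value;
    }

    if ( current_user_can( 'manage_options' ) ) {
        return $value; // Administrators may change guarded options.
    }

    // Record blocked attempts so they can be reviewed later.
    if ( $value !== $old_value ) {
        error_log( sprintf(
            'Blocked update of option "%s" by user ID %d',
            $option,
            get_current_user_id()
        ) );
    }

    return $old_value;
}
add_filter( 'pre_update_option', 'example_guard_sensitive_option', 10, 3 );
```

The guard also rejects changes made from unauthenticated contexts such as WP-Cron, so any scheduled task that legitimately writes a guarded option needs its own exemption.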
