Primary

Context

Wagtail Improper Permission Handling Vulnerability in Form Submission Deletion

Vulnerability

Patched

A vulnerability exists in Wagtail, an open-source content management system built on Django, prior to versions 7.0.7, 7.3.2, and 7.4. This issue allows a CMS user with limited access to form pages to delete submissions from form pages they do not have access to. The vulnerability is exploited by crafting a form submission that targets the deletion of submissions on a page the user does have access to, affecting those they do not. Notably, this vulnerability cannot be exploited by an ordinary site visitor without access to the Wagtail admin.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of form submissions from pages a user does not have access to, potentially leading to loss of important data.

Remediation

Users can upgrade to Wagtail versions 7.0.7, 7.3.2, or 7.4 to address this vulnerability.

Added: May 11, 2026, 4:34 PM

Updated: May 11, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

5.4

remediation

7.7

relevance

8.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

5.4

remediation

7.7

relevance

8.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wagtail Improper Permission Handling Vulnerability in Form Submission Deletion

Vulnerability

Impact

Remediation

Affected Products

Wagtail

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating