PatchSiren cyber security CVE debrief
CVE-2026-49765 CRM Perks CVE debrief
A critical vulnerability was discovered in the Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin, versions <= 1.1.8. This vulnerability allows unauthenticated PHP object injection, posing a significant risk to affected systems.
- Vendor: CRM Perks
- Product: Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of WordPress sites utilizing the Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin, versions <= 1.1.8, should be aware of this vulnerability and take immediate action to mitigate potential risks.
Technical summary
The vulnerability, tracked as CVE-2026-49765, has a CVSS score of 9.8, indicating critical severity. It allows unauthenticated attackers to inject PHP objects, potentially leading to arbitrary code execution, information disclosure, and other malicious activities.
Defensive priority
High
Recommended defensive actions
- Update the Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin to a version greater than 1.1.8.
- Review and monitor your WordPress site for suspicious activity.
- Consider implementing additional security measures, such as firewall rules and intrusion detection systems.
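To support the update step above, the following added example (not part of the advisory or the plugin's own code) reads WordPress plugin headers under a plugins directory and flags installs at or below 1.1.8, comparing versions numerically so that 1.1.10 is not mistaken for an older release. The keyword match on the "Plugin Name" header and the folder names in the demo are assumptions; adjust them to what your install actually shows.

```python
import re
import sys
import tempfile
from pathlib import Path

LAST_AFFECTED = (1, 1, 8)                   # from the advisory: versions <= 1.1.8
KEYWORDS = ("mailchimp", "contact form 7")  # assumption: words in the "Plugin Name" header
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)
SAMPLE = "<?php\n/*\n * Plugin Name: Integration for Mailchimp and Contact Form 7\n * Version: {}\n */\n"

def parse_version(text):
    """Return the leading dotted number of a version string as an int tuple, or None."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group().split(".")]
    while nums and nums[-1] == 0:   # treat 1.1.8.0 the same as 1.1.8
        nums.pop()
    return tuple(nums)

def read_header(php_file):
    """Return the 'Plugin Name' and 'Version' header values found at the top of the file."""
    head = php_file.read_text(errors="replace")[:8192]
    # reversed() makes the first occurrence of each header win
    fields = {k.lower(): v for k, v in reversed(HEADER_RE.findall(head))}
    return fields.get("plugin name"), fields.get("version", "")

def audit(plugins_dir):
    """List (folder, version, status) for every plugin whose name matches KEYWORDS."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        name, version = read_header(php_file)
        if not name or not all(k in name.lower() for k in KEYWORDS):
            continue
        parsed = parse_version(version)   # None means no readable version: check by hand
        status = "unknown" if parsed is None else "affected" if parsed <= LAST_AFFECTED else "newer"
        findings.append((php_file.parent.name, version, status))
    return findings

def demo():
    """Run the audit over a constructed plugins directory (folder names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        for folder, ver in (("site-a-plugin", "1.1.8"), ("site-b-plugin", "1.1.10")):
            plugin = Path(root) / folder
            plugin.mkdir()
            (plugin / "main.php").write_text(SAMPLE.format(ver))
        return audit(root)

if __name__ == "__main__":
    print(*(audit(sys.argv[1]) if len(sys.argv) > 1 else demo()), sep="\n")
```

Pass the path to a site's wp-content/plugins directory as the first argument to audit a real install; with no argument the script runs against the constructed sample.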
Evidence notes
The vulnerability was reported by Patchstack and is documented in the NVD.
Official resources
- CVE-2026-49765 CVE record (CVE.org)
- CVE-2026-49765 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-49765 was published on 2026-06-15T21:17:21.587Z and modified on 2026-06-15T21:24:32.790Z.