CVE-2026-39435 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in CformsII versions <= 15.1.3. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-39435).
A Cross-Site Request Forgery (CSRF) vulnerability exists in the CformsII WordPress plugin, affecting versions up to and including 15.1.3. The vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user by tricking them into submitting a malicious request. With a CVSS 3.1 score of 7.1 (HIGH), this issue presents significant risk due to its network attack vector, low [truncated]