HIGH
bgermann
CVE published 2026-05-25
CVE-2026-39436
A Cross-Site Request Forgery (CSRF) vulnerability exists in the CformsII WordPress plugin, affecting versions up to and including 15.1.3. The vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user by tricking them into submitting a malicious request. With a CVSS 3.1 score of 7.1 (HIGH), this issue presents significant risk due to its network attack vector, low [truncated]