These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-9691 is a critical vulnerability with a CVSS score of 9.8. The vulnerability is an unauthenticated PHP object injection in the Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin versions <= 1.1.1. The vulnerability was published on [cve-org] and additional details can be found on [nvd].
A critical vulnerability was discovered in the Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin, versions <= 1.1.8. This vulnerability allows unauthenticated PHP object injection, posing a significant risk to affected systems.
CVE-2026-49763 is a critical vulnerability in the Integration for Contact Form 7 HubSpot plugin, with a CVSS score of 9.8. The vulnerability is caused by an unauthenticated PHP object injection in versions <= 1.3.7. This allows a remote attacker to inject PHP code, potentially leading to code execution, data breaches, and other malicious activities.
CVE-2026-49109 is a critical vulnerability in the Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin versions <= 1.4.3. The vulnerability is caused by an unauthenticated PHP object injection, which can allow attackers to execute arbitrary code on the affected system. The vulnerability has a CVSS score of 9.8 and is considered critical.
CVE-2026-49106 is a critical vulnerability in the Integration for Contact Form 7 and Constant Contact plugin, with a CVSS score of 9.8. The vulnerability allows unauthenticated PHP object injection and affects versions up to 1.1.6. The CVE was published on 2026-06-15T21:17:20.630Z and last modified on 2026-06-15T21:24:32.790Z.
CVE-2026-49105 is a critical vulnerability in the WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin. The vulnerability is caused by an unauthenticated PHP object injection, which allows attackers to inject malicious PHP objects into the application. This can lead to arbitrary code execution, data breaches, and other security issues. The vulnerability has a CVSS score of [truncated]
CVE-2026-49104 is a critical vulnerability in the Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin versions <= 1.2.1. The vulnerability allows unauthenticated PHP object injection, with a CVSS score of 9.8 and a severity of CRITICAL.
A critical vulnerability (CVSS Score: 9.8) was published on June 15, 2026, affecting WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin versions <= 1.1.4. This vulnerability allows unauthenticated PHP Object Injection.