What is GHSA-92j9-vfpr-4xhf?

GHSA-92j9-vfpr-4xhf is a security advisory published by GitHub Security Advisories with Medium severity. The Vedrixa Forms – User Registration Form, Signup Form \u0026 Drag \u0026 Drop Form Builder plugin for...

Which CVE IDs does GHSA-92j9-vfpr-4xhf cover?

GHSA-92j9-vfpr-4xhf covers the following CVE IDs: CVE-2026-8692. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-92j9-vfpr-4xhf?

GHSA-92j9-vfpr-4xhf has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-92j9-vfpr-4xhfMediumCVSS 4.3

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for...

Vendor

GitHub Security Advisories

Published

May 22, 2026

Last Modified

May 22, 2026

🔗 CVE IDs covered (1)

CVE-2026-8692 →

📋 Description

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the structure of any form — adding, removing, or altering fields — by writing attacker-controlled data to the plugin's FORMS database table. The 'ajax-nonce' nonce used by this handler is injected into the public frontend via wp_localize_script(), so any authenticated user who visits a page containing a form shortcode can obtain it without any elevated access.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (10)