Home / Vulnerability Intelligence / CVE-2026-40764

CVE-2026-40764 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: April 15, 2026

Syed Balkhi Contact Form by WPForms - Cross-Site Request Forgery

Published: April 15, 2026Updated: April 15, 2026Remote Exploitable

Overview

Syed Balkhi Contact Form by WPForms wpforms-lite <= 1.10.0.2 contains a cross-site request forgery vulnerability caused by insufficient request validation, letting attackers perform unauthorized actions via forged requests, exploit requires victim interaction.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can perform unauthorized actions on behalf of authenticated users, potentially compromising user data or site integrity.

Mitigation

Update to a version later than 1.10.0.2 or the latest available version.

References

https://patchstack.com/database/Wordpress/Plugin/wpforms-lite/vulnerability/wordpress-contact-form-by-wpforms-plugin-1-10-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Related Resources

Details

CVE ID: CVE-2026-40764
Severity: High
CVSS Score: 8.1
Type: cross_site_request_forgery
Status: new

CWE

CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L