vulnerability
WordPress Plugin: jetformbuilder: CVE-2023-37866: Incorrect Privilege Assignment
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jul 10, 2023 | May 15, 2025 | May 4, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Jul 10, 2023
Added
May 15, 2025
Modified
May 4, 2026
Description
The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.0.8. This is due to insufficient restrictions on the form builder. This makes it possible for authenticated attackers, with author-level access and above, to create forms that make it possible to register a user with administrative privileges.
Solution
jetformbuilder-plugin-cve-2023-37866
References
- https://www.cve.org/CVERecord?id=CVE-2023-37866
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d58191-769c-4632-a086-4dbce9bfb6ad?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-41740
- CVE-2023-37866
- https://attackerkb.com/topics/CVE-2023-37866
- CWE-269
- EUVD-EUVD-2023-41740
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.