CVE 9.8 CRITICAL

WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability_CVE-2026-49085

June 15, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

AI Analysis

Unauthenticated PHP Object Injection vulnerability in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin

Basic Information

ID CVE-2026-49085

Source Patchstack

Published Jun 15, 2026 at 20:19

Affected Product

Vendor CRM Perks

Product WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Version 1.1.4

Affected Versions CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor CRM Perks

Product WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Version 1.1.4

References

patchstack.com /database/wordpress/plugin/cf7-insightly/vulnerability/wordpress-wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-4-php-object-injection-vulnerability

{
    "lastseen": "",
    "description": "Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.",
    "published": "2026-06-15T20:19:17.744Z",
    "modified": "2026-06-15T20:19:17.744Z",
    "type": "cve",
    "title": "WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/cf7-insightly/vulnerability/wordpress-wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-4-php-object-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-49085",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms",
    "version": "1.1.4",
    "vendor": "CRM Perks",
    "ai_description": "Unauthenticated PHP Object Injection vulnerability in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin",
    "ai_severity": "Critical",
    "ai_vendor": "CRM Perks",
    "ai_product": "WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms",
    "ai_version": "1.1.4",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply