CVE 9.8 CRITICAL

WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability_CVE-2026-49105

June 15, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

AI Analysis

Unauthenticated PHP Object Injection vulnerability in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin

Basic Information

ID CVE-2026-49105

Source Patchstack

Published Jun 15, 2026 at 20:19

Modified Jun 15, 2026 at 21:38

Affected Product

Vendor CRM Perks

Product WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Version 1.1.4

Affected Versions CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor CRM Perks

Product WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Version 1.1.4

References

patchstack.com /database/wordpress/plugin/cf7-zendesk/vulnerability/wordpress-wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-4-php-object-injection-vulnerability

{
    "lastseen": "",
    "description": "Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.",
    "published": "2026-06-15T20:19:19.065Z",
    "modified": "2026-06-15T21:38:33.159Z",
    "type": "cve",
    "title": "WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/cf7-zendesk/vulnerability/wordpress-wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-4-php-object-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-49105",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms",
    "version": "1.1.4",
    "vendor": "CRM Perks",
    "ai_description": "Unauthenticated PHP Object Injection vulnerability in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin",
    "ai_severity": "Critical",
    "ai_vendor": "CRM Perks",
    "ai_product": "WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms",
    "ai_version": "1.1.4",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply