CVE 9.8 CRITICAL

WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability_CVE-2026-9691

June 15, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

AI Analysis

Unauthenticated PHP Object Injection vulnerability in WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin

Basic Information

ID CVE-2026-9691

Source Patchstack

Published Jun 15, 2026 at 20:17

Affected Product

Vendor CRM Perks

Product Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms

Version 1.1.1

Affected Versions CRM Perks Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor CRM Perks

Product Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms

Version 1.1.1

References

patchstack.com /database/wordpress/plugin/cf7-active-campaign/vulnerability/wordpress-integration-for-activecampaign-and-contact-form-7-wpforms-elementor-ninja-forms-plugin-1-1-1-php-object-injection-vulnerability

{
    "lastseen": "",
    "description": "Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.",
    "published": "2026-06-15T20:17:30.135Z",
    "modified": "2026-06-15T20:17:30.135Z",
    "type": "cve",
    "title": "WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/cf7-active-campaign/vulnerability/wordpress-integration-for-activecampaign-and-contact-form-7-wpforms-elementor-ninja-forms-plugin-1-1-1-php-object-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-9691",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "CRM Perks Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms",
    "version": "1.1.1",
    "vendor": "CRM Perks",
    "ai_description": "Unauthenticated PHP Object Injection vulnerability in WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin",
    "ai_severity": "Critical",
    "ai_vendor": "CRM Perks",
    "ai_product": "Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms",
    "ai_version": "1.1.1",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply