CVE-2026-1753— Gutena Forms < 1.6.1 - Contributor+ Arbitrary Limited Options Update
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1753
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gutena Forms < 1.6.1 - Contributor+ Arbitrary Limited Options Update
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options (such as users_can_register).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Gutena Forms 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Gutena Forms 1.6.1之前版本存在安全漏洞,该漏洞源于未验证要更新的选项,可能导致贡献者及以上角色的用户更新任意布尔和数组选项。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Unknown | Gutena Forms | 0 ~ 1.6.1 | - |
II. Public POCs for CVE-2026-1753
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1753
请登录查看更多情报信息。
- Gutena Forms < 1.6.1 – Contributor+ Arbitrary Limited Options Update | CVE 2026-1753 | Plugin Vulnerabilitiesexploitvdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2026-1753
Same Patch Batch · Unknown · 2026-03-11 · 6 CVEs total
| CVE-2019-25474 | 6.2 MEDIUM | Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow |
| CVE-2026-1867 | WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure | |
| CVE-2026-2466 | DukaPress <= 3.2.4 - Reflected XSS | |
| CVE-2026-2626 | Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection | |
| CVE-2026-2631 | Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation |
IV. Related Vulnerabilities
Same vendor: Unknown
- CVE-2026-6433
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection t - CVE-2026-4935
SureTriggers < 1.1.23 – Unauthenticated SQLi - CVE-2026-5335
Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosu - CVE-2026-5337
Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary - CVE-2026-5306
Check & Log Email < 2.0.13 - Unauthenticated Stored XSS
V. Comments for CVE-2026-1753
No comments yet