Gutena Forms plugin lets users with contributor access update sensitive settings

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.8

Gutena Forms plugin lets users with contributor access update sensitive settings

CVE-2026-1753

Summary

The Gutena Forms plugin for WordPress has a security flaw that allows users with contributor or higher access to change certain sensitive settings. This could potentially be used to compromise the security of the website. Update the plugin to version 1.6.1 or later to fix this issue.

Original title

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options (such as users_ca...

Original description

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options (such as users_can_register).

Vulnerability type

CWE-639 Authorization Bypass Through User-Controlled Key

https://wpscan.com/vulnerability/c42dbab9-b729-4748-88e5-0bd2f6d66e3d/

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026