AI description
CVE-2026-9691 describes an unauthenticated PHP Object Injection vulnerability. This flaw impacts versions up to and including 1.1.1 of an integration designed for ActiveCampaign and various form plugins, specifically Contact Form 7, WPForms, Elementor, and Ninja Forms. The vulnerability stems from the improper handling of PHP objects, which could allow an attacker to inject malicious code without requiring authentication.
- Description
- Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.
- Source
- audit@patchstack.com
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
5
🚨 CVE-2026-9691: WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability Critical Vulnerability Alert! Tornado is affected by CVE-2026-9691. Full Vulnerability Details & Analysis
@zoomeye_team
16 Jun 2026
2285 Impressions
15 Retweets
30 Likes
9 Bookmarks
0 Replies
0 Quotes
https://t.co/48KSBDojzs CVE-2026-9691 cf7-active-campaign (CVSS Score 8.1) #WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #at…
@atomicedgeWAF
14 Jun 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes