{"vulnerability": "cve-2026-9843", "sightings": [{"uuid": "0e3dedc3-3ea6-49cc-bd1c-6ff550611d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9843", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mop5nox22k23", "content": "CVE-2026-9843 - Database for Contact Form 7, WPforms, Elementor forms\nCVE ID : CVE-2026-9843\n \n Published : June 20, 2026, 1:27 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbit...", "creation_timestamp": "2026-06-20T05:44:32.998606Z"}, {"uuid": "2a538d0d-013a-49ea-8366-8507f06df9c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9843", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mopim3in4r2e", "content": "HIGH severity path traversal in crmperks Database for Contact Form 7, WPforms, Elementor forms (\u22641.5.1) enables unauthenticated file deletion. Restrict admin access and avoid untrusted form entries until patched. https://radar.offseq.com/threat/cve-2026-9843-cwe-22-improper-limitation-of-a-path-a...", "creation_timestamp": "2026-06-20T09:00:30.437176Z"}, {"uuid": "234d13cc-accb-481c-99a3-a1724598ed3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9843", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116781614893343773", "content": "CVE-2026-9843: HIGH severity (CVSS 8.1) path traversal in crmperks Database for Contact Form 7, WPforms, Elementor forms (\u22641.5.1). Unauthenticated file deletion possible if admin interacts with malicious entries. Restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-9843-cwe-22-improper-limitation-of-a-path-a3dfc4d21233784d #OffSeq #WordPress #CVE20269843 #BlueTeam", "creation_timestamp": "2026-06-20T09:00:34.825121Z"}, {"uuid": "4fddce9c-879b-4097-b99e-5bd448697048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9843", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mootjayro42t", "content": "A WordPress form-entries plugin on 70,000+ sites has an unauthenticated file deletion bug (CVE-2026-9843, CVSS 8.1). A stranger plants it, an admin click fires it, and the site can be fully taken over. Patch to 1.5.2.\n\n#CVE #infosec #cybersecurity", "creation_timestamp": "2026-06-20T02:43:07.093283Z"}, {"uuid": "683bc112-1b96-41a0-8eb8-a9ad61740604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9843", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116784901089180488", "content": "Some increased actor activities are shown targeting crmperks Database for Contact Form 7, WPforms, Elementor Forms Plugin (CVE-2026-9843) https://vuldb.com/vuln/372499/cti", "creation_timestamp": "2026-06-20T22:56:12.851006Z"}, {"uuid": "16f454e2-ef1d-4739-94dc-7b74c7837050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9843", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3morlomn2gc2c", "content": "CVE-2026-9843 - Critical RCE in Database for Contact Form 7, WPforms, Elementor forms for WordPress. Arbitrary file deletion via insufficient path validation. CVSS 8.1. No patch available. Immediately review and restrict plugin usage. #CVE #...\n\nhttps://www.valtersit.com/cve/CVE-2026-9843/", "creation_timestamp": "2026-06-21T05:00:56.103058Z"}]}