A vulnerability was found in webaways NEX-Forms Plugin up to 9.2.2 on WordPress. It has been declared as critical. The affected element is an unknown function of the component Authorization. Such manipulation of the argument saved_user_email_address leads to authorization bypass.
This vulnerability is listed as CVE-2026-9017. The attack may be performed from remote. There is no available exploit.