A vulnerability has been found in websoudan MW WP Form Plugin up to 5.1.2 on WordPress and classified as problematic . This affects the function _get_post_property_from_querystring . Performing a manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2026-6206 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.