
Integration For Mailchimp And Contact Form 7 Wpforms Elementor Ninja Forms CVE-2026-25430

EUVD-2026-15725 · MEDIUM
Missing Authorization (CWE-862)
2026-03-25 · Patchstack · GHSA-9qg3-cr7q-92v5
6.5 (CVSS 3.1, NVD)

Severity by source

NVD (primary): 6.5 MEDIUM
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 25, 2026 - 16:47 (euvd) – EUVD-2026-15725
Analysis Generated: Mar 25, 2026 - 16:47 (vuln.today)
CVE Published: Mar 25, 2026 - 16:14 (nvd) – MEDIUM 6.5

Description (CVE.org)

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms (cf7-mailchimp) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.2.2.

Analysis (AI)

The CRM Perks Integration plugin for Mailchimp (versions through 1.2.2) contains a missing authorization flaw that allows authenticated attackers to modify data through incorrectly configured access controls. An attacker with user-level permissions could bypass authorization checks to alter form submissions and contact information across integrated platforms including Contact Form 7, WPForms, Elementor, and Ninja Forms. …


Vulnerability Assessment (AI)

Risk Assessment: While a CVSS score and vector are not provided in the vulnerability disclosure, the nature of a broken access control vulnerability in a form integration plugin carries significant real-world risk. …

Exploit Scenario: An attacker could enumerate WordPress AJAX handlers or REST API endpoints exposed by the vulnerable plugin and issue unauthenticated requests to access or modify Mailchimp integration settings. For example, the attacker might directly call an admin action endpoint to retrieve stored Mailchimp API credentials, export contact lists, or reconfigure form submission targets to exfiltrate data to an attacker-controlled server. …

Remediation: Update the CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin to a patched version beyond 1.2.2 immediately. …
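The flaw class here (CWE-862 in a WordPress plugin action handler) is easiest to see in code. The following is an added illustration written for this page, not the plugin's own code and not derived from it; every function, option and action name is hypothetical. It shows a settings-saving AJAX handler that relies on nothing but "the user is logged in", beside the hardened form that enforces a capability check, a nonce, and input validation before persisting anything.

```php
<?php
// Added illustration of the CWE-862 pattern in a WordPress AJAX handler.
// Not the plugin's code; all names (hypo_*) are hypothetical.

// VULNERABLE: wp_ajax_* hooks fire for ANY authenticated user (subscribers
// included). Without a capability check, a low-privilege account can
// overwrite the integration settings of a connected form/marketing service.
add_action( 'wp_ajax_hypo_save_integration', 'hypo_save_integration_insecure' );
function hypo_save_integration_insecure() {
    // No current_user_can(), no nonce, no validation: CWE-862.
    update_option( 'hypo_integration_settings', wp_unslash( $_POST['settings'] ?? array() ) );
    wp_send_json_success();
}

// HARDENED: authorization first, then CSRF protection, then validation.
add_action( 'wp_ajax_hypo_save_integration_v2', 'hypo_save_integration_secure' );
function hypo_save_integration_secure() {
    // 1. Authorization: only users who may manage site options reach the write.
    //    wp_send_json_error() terminates the request, so nothing below runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 2. CSRF protection: the nonce is issued on the settings page with
    //    wp_create_nonce( 'hypo_save_integration' ) and sent as 'nonce'.
    check_ajax_referer( 'hypo_save_integration', 'nonce' );

    // 3. Validate and sanitize before persisting.
    $raw   = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
           ? wp_unslash( $_POST['settings'] )
           : array();
    $clean = hypo_sanitize_settings( $raw );

    update_option( 'hypo_integration_settings', $clean );
    wp_send_json_success( array( 'saved' => array_keys( $clean ) ) );
}

// Whitelist-style sanitizer: unknown keys are dropped, values are typed.
function hypo_sanitize_settings( array $raw ) {
    $allowed_sources = array( 'cf7', 'wpforms', 'elementor', 'ninja_forms' );
    $clean = array();

    $clean['api_key'] = isset( $raw['api_key'] ) ? sanitize_text_field( $raw['api_key'] ) : '';
    $clean['list_id'] = isset( $raw['list_id'] ) ? sanitize_key( $raw['list_id'] ) : '';

    $source = isset( $raw['form_source'] ) ? (string) $raw['form_source'] : '';
    $clean['form_source'] = in_array( $source, $allowed_sources, true ) ? $source : 'cf7';

    return $clean;
}
```

Two points worth checking when reviewing a plugin for this class of bug: never register an administrative action on the `wp_ajax_nopriv_` hook (that would make it reachable without any account at all), and remember that a nonce check alone is not authorization. `check_ajax_referer` only proves the request came from a page the same user loaded; the `current_user_can` call is what ties the action to a privilege level. On the detection side, writes to a plugin's settings option by accounts that do not hold `manage_options` are a useful signal for this bug class in an activity or audit log.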

Recommended Action (AI)

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …


CVE-2026-25430 vulnerability details – vuln.today
