EUVD-2026-15725
GHSA-9qg3-cr7q-92v5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3Description
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.2.2.
Analysis
The CRM Perks Integration plugin for Mailchimp (versions through 1.2.2) contains a missing authorization flaw that allows authenticated attackers to modify data through incorrectly configured access controls. An attacker with user-level permissions could bypass authorization checks to alter form submissions and contact information across integrated platforms including Contact Form 7, WPForms, Elementor, and Ninja Forms. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today