Skip to main content

Accept Paypal Payments Using Contact Form 7

1 CVEs product

Monthly

CVE-2026-39707 MEDIUM This Month

Missing authorization in ZealousWeb's Accept PayPal Payments using Contact Form 7 plugin (versions up to 4.0.4) allows unauthenticated remote attackers to modify payment-related data through incorrectly configured access controls. The vulnerability exposes WordPress sites using this plugin to unauthorized alterations of sensitive payment information without requiring user authentication, though the EPSS score of 0.02% (4th percentile) indicates low real-world exploitation probability despite network accessibility.

Authentication Bypass Accept Paypal Payments Using Contact Form 7
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in ZealousWeb's Accept PayPal Payments using Contact Form 7 plugin (versions up to 4.0.4) allows unauthenticated remote attackers to modify payment-related data through incorrectly configured access controls. The vulnerability exposes WordPress sites using this plugin to unauthorized alterations of sensitive payment information without requiring user authentication, though the EPSS score of 0.02% (4th percentile) indicates low real-world exploitation probability despite network accessibility.

Authentication Bypass Accept Paypal Payments Using Contact Form 7
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy