Skip to main content

Advanced Contact Form 7 Db

1 CVEs product

Monthly

CVE-2026-57669 MEDIUM This Month

Broken access control in the Advanced Contact Form 7 DB WordPress plugin (versions <= 2.0.9) permits subscriber-level authenticated users to read all stored contact form submissions without authorization. The root cause is a missing capability check (CWE-862) on a data retrieval endpoint, exposing names, email addresses, phone numbers, and message content submitted by site visitors. No public exploit or CISA KEV listing exists at time of analysis, but low attack complexity and high confidentiality impact make this a meaningful risk on any WordPress site that permits open user registration.

Authentication Bypass Advanced Contact Form 7 Db
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Advanced Contact Form 7 DB WordPress plugin (versions <= 2.0.9) permits subscriber-level authenticated users to read all stored contact form submissions without authorization. The root cause is a missing capability check (CWE-862) on a data retrieval endpoint, exposing names, email addresses, phone numbers, and message content submitted by site visitors. No public exploit or CISA KEV listing exists at time of analysis, but low attack complexity and high confidentiality impact make this a meaningful risk on any WordPress site that permits open user registration.

Authentication Bypass Advanced Contact Form 7 Db
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy