User Registration Using Contact Form 7 WordPress Plugin Unauthorized Data Access Vulnerability

Vulnerability

A vulnerability exists in the User Registration Using Contact Form 7 plugin for WordPress, in all versions through 2.5. The issue arises from a missing capability check in the 'get_cf7_form_data' function, allowing unauthorized users to access form settings, including sensitive information such as Facebook app secrets.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive form data, including Facebook app secrets.

Remediation

Users can update to version 2.6 or a newer patched version to address this vulnerability.

Added: Jan 17, 2026, 5:19 AM
Updated: Jan 17, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 2.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.