Primary

Context

HT Plugins Extensions For CF7 Authorization Bypass Vulnerability Allowing Insecure Direct Object References

Vulnerability

Patched

A vulnerability allowing authorization bypass through user-controlled keys has been identified in the HT Plugins Extensions For CF7, affecting versions through 3.4.0. This issue arises from incorrectly configured access control security levels, which could be exploited to bypass authorization and access sensitive files or interact with the database.

Impact

Exploitation of this vulnerability could lead to Insecure Direct Object References (IDOR), allowing unauthorized access to sensitive files or database interactions.

Remediation

Users of the HT Plugins Extensions For CF7 should update to version 3.4.1 or later to address this vulnerability.

Added: Feb 3, 2026, 3:26 PM

Updated: Feb 3, 2026, 5:44 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

5.0

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

5.0

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HT Plugins Extensions For CF7 Authorization Bypass Vulnerability Allowing Insecure Direct Object References

Vulnerability

Impact

Remediation

Affected Products

HT Plugins Extensions For CF7

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating