PT-2026-1709 · Unknown+1 · Contact Form 7+1
Sopon Tangpathum
·
Publicado
2026-01-09
·
Atualizado
2026-01-09
·
CVE-2025-13717
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Contact Form vCard Generator versions up to and including 2.4
Description
The Contact Form vCard Generator plugin for WordPress has a flaw where a missing capability check on the
wp gvccf check download request function allows unauthorized access to data. Unauthenticated attackers can exploit this to export sensitive Contact Form 7 submission data using the wp-gvc-cf-download-id parameter. This data includes names, phone numbers, email addresses, and messages.Recommendations
Versions prior to and including 2.4 should be updated.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Contact Form 7
Contact Form Vcard Generator