CVE-2024-1779

Name of the Vulnerable Software and Affected Versions Contact Form 7 plugin for WordPress versions up to, and including, 1.1.1

Description The Admin side data storage for the Contact Form 7 plugin is vulnerable to unauthorized modification of data due to a missing capability check on the zt dcfcf change status() function. This allows unauthenticated attackers to alter the message read status of messages.

Recommendations For versions up to, and including, 1.1.1, update to a version that includes a fix for the missing capability check in the zt dcfcf change status() function. As a temporary workaround, consider disabling the zt dcfcf change status() function until a patch is available.