PT-2024-36843 · WordPress · Cf7 Google Sheets Connector

1337_Wannabe · Published 2024-06-08 · Updated 2024-11-01 · CVE-2024-5654

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
CF7 Google Sheets Connector plugin for WordPress versions up to, and including, 5.0.9

Description
The issue is related to a missing capability check on the execute_post_data_cg7_free function, allowing unauthenticated attackers to modify data. This makes it possible for attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.

Recommendations
For CF7 Google Sheets Connector plugin for WordPress versions up to, and including, 5.0.9, update to a version higher than 5.0.9 to resolve the issue. As a temporary workaround, consider disabling the execute_post_data_cg7_free function until a patch is available. Restrict access to site configuration settings to minimize the risk of exploitation. Avoid using the vulnerable function in unauthenticated contexts until the issue is resolved.
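
To check whether any of the settings named in the description are currently switched on, the following added example (not code from the plugin or from this advisory) audits a WordPress configuration file. It assumes the constants are set with `define()` in `wp-config.php`, as is standard for WordPress; the sample configuration is constructed.

```python
import re
import sys

# Constants the advisory lists as toggleable without authentication.
WATCHED = ("WP_DEBUG", "WP_DEBUG_LOG", "SCRIPT_DEBUG", "SAVEQUERIES")

# Matches define( 'NAME', value ); and captures the raw value expression.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^;]*?)\s*\)\s*;""",
    re.IGNORECASE,
)

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so commented-out defines are ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^[ \t]*(//|#).*$", "", src, flags=re.M)

def is_truthy(raw):
    """PHP-style truthiness for the literal forms normally seen in wp-config.php."""
    value = raw.strip().strip("'\"").lower()
    return value not in ("false", "0", "", "null")

def audit_debug_constants(config_text):
    """Return {constant: raw_value} for watched constants that are enabled."""
    first_seen = {}
    for m in DEFINE_RE.finditer(strip_php_comments(config_text)):
        if m.group("name") in WATCHED:
            # PHP keeps the first define() of a constant; later ones are ignored.
            first_seen.setdefault(m.group("name"), m.group("value"))
    return {name: raw for name, raw in first_seen.items() if is_truthy(raw)}

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example' );
// define( 'WP_DEBUG', false );
define( 'WP_DEBUG', true );
define( "WP_DEBUG_LOG", '/tmp/debug.log' );
/* define( 'SCRIPT_DEBUG', true ); */
define( 'SCRIPT_DEBUG', false );
define('SAVEQUERIES', TRUE);
"""

if __name__ == "__main__":
    # Pass a path to a real wp-config.php, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for name, raw in audit_debug_constants(text).items():
        print(f"ENABLED: {name} = {raw}")
```

Comparing the output against the intended production settings on a site that ran version 5.0.9 or earlier shows whether any of these flags differ from what the administrators configured.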

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-5654

Affected Products: Cf7 Google Sheets Connector