PT-2026-3347 · WordPress · User Registration Using Contact Form 7
Published
2026-01-17
·
Updated
2026-01-17
·
CVE-2025-12825
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
User Registration Using Contact Form 7 plugin for WordPress versions prior to 2.5
Description
The User Registration Using Contact Form 7 plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the
get cf7 form data() function. This allows unauthenticated attackers to retrieve form settings, potentially including sensitive information like Facebook app secrets.Recommendations
Update to a version of the User Registration Using Contact Form 7 plugin later than 2.5.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
User Registration Using Contact Form 7