PT-2026-8045 · WordPress · Stickeasy Protected Contact Form
Itthidej Aramsri
·
Published
2026-02-14
·
Updated
2026-02-14
·
CVE-2025-13973
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
StickEasy Protected Contact Form plugin for WordPress versions up to and including 1.0.2
Description
The StickEasy Protected Contact Form plugin for WordPress has a flaw that allows unauthorized access to sensitive information. Specifically, spam detection logs are stored in a publicly accessible location at
wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt. This allows unauthenticated attackers to download the log file and potentially access visitor IP addresses, email addresses, and portions of contact form submissions identified as spam.Recommendations
Update the StickEasy Protected Contact Form plugin to a version beyond 1.0.2.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stickeasy Protected Contact Form