CVE Catalog

CVE-2026-57669

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The Advanced Contact form 7 DB plugin version 2.0.9 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to functions intended for administrators.

Risk Assessment

The risk involves potential leakage of contact data collected via Contact Form 7 forms, as well as unauthorized modification or deletion of this data by an unprivileged user.

Recommendation

Immediately update the Advanced Contact form 7 DB plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS