CVE Catalog
CVE-2026-57669
MediumCVSS 6.5Summary
The Advanced Contact form 7 DB plugin version 2.0.9 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to functions intended for administrators.
Risk Assessment
The risk involves potential leakage of contact data collected via Contact Form 7 forms, as well as unauthorized modification or deletion of this data by an unprivileged user.
Recommendation
Immediately update the Advanced Contact form 7 DB plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions.

