CVE-2026-3831 in crmperks Database for Contact Form 7, WPforms, Elementor Forms Plugininfo

Summary

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract all form submissions - including names, emails, phone numbers.

Responsible

Wordfence

Reservation

03/09/2026

Disclosure

04/01/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354539	crmperks Database for Contact Form 7, WPforms, Elementor Forms Plugin Shortcode entries_shortcode authorization	862	Not defined	Not defined	CVE-2026-3831

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!