CVE-2026-25863 in Conditional Fields for Contact Form 7información

Resumen

por MITRE • 2026-05-04

Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters without validation or upper bound enforcement. Unauthenticated attackers can supply an arbitrarily large integer value through the REST API endpoint to cause unbounded loop execution with multiple preg_replace() operations, exhausting server memory and crashing the PHP process.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulnCheck

Reservar

2026-02-06

Divulgación

2026-05-04

Moderación

aceptado

Artículo

VDB-360996

CPE

listo

CWE

CWE-1284 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00085

KEV

Actividades

muy bajo

Sector

Hostingprovider

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25863
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25863
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25863/

◂ Anterior Visión De Conjunto Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!