CVE-2026-3831 in Database for Contact Form 7, WPforms, Elementor Forms Plugin
要約 (英語)
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract all form submissions - including names, emails, phone numbers.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
責任者
Wordfence
予約する
2026年03月09日
公開
2026年04月01日
ステータス
確認済み
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 354539 | crmperks Database for Contact Form 7, WPforms, Elementor Forms Plugin Shortcode entries_shortcode 特権昇格 | 862 | 未定義 | 未定義 | CVE-2026-3831 |