CVE-2026-3831 in Database for Contact Form 7, WPforms, Elementor Forms Plugin
Sumário (Inglês)
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract all form submissions - including names, emails, phone numbers.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Responsável
Wordfence
Reservar
09/03/2026
Divulgação
01/04/2026
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354539 | crmperks Database for Contact Form 7, WPforms, Elementor Forms Plugin Shortcode entries_shortcode Elevação de Privilégios | 862 | Não definido | Não definido | CVE-2026-3831 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV