CVE-2026-3831 in Database for Contact Form 7, WPforms, Elementor Forms PluginИнформация

Сводка (Английский)

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract all form submissions - including names, emails, phone numbers.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

Wordfence

Резервировать

09.03.2026

Раскрытие

01.04.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИДУязвимостьCWEЭксКонCVE
354539crmperks Database for Contact Form 7, WPforms, Elementor Forms Plugin Shortcode entries_shortcode эскалация привилегий862Не определеноНе определеноCVE-2026-3831

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

ПредыдущийОбзорДалее

Interested in the pricing of exploits?

See the underground prices here!