Medium severity5.3NVD Advisory· Published May 2, 2024· Updated Apr 15, 2026

CVE-2024-3585

Description

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs.

Affected products

WordPress/Send Pdf For Contact Form 7inferred
Range: <=1.0.2.3
Package: https://wordpress.org/plugins/send-pdf-for-contact-form-7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/send-pdf-for-contact-form-7/trunk/classes/send-pdf.phpnvd
plugins.trac.wordpress.org/changeset/3074631/send-pdf-for-contact-form-7/trunknvd
www.wordfence.com/threat-intel/vulnerabilities/id/0646fcba-afe5-49a2-acd5-e15d009926c4nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000