Medium severity4.3NVD Advisory· Published Apr 8, 2026· Updated Apr 24, 2026
CVE-2026-0814
CVE-2026-0814
Description
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export form submissions to excel file.
Affected products
2- Range: <=2.0.9
- Range: <=2.0.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)Wordfence Blog · Apr 16, 2026