VYPR

Abandoned Contact Form 7

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-52817HigJun 27, 2025
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.

  • CVE-2026-9187MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action__remove_abandoned() function, which is registered…