CVE-2024-12026
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-12026 is a vulnerability affecting the Message Filter component of the Contact Form 7 plugin for WordPress. In versions up to 1.6.3, the saveFilter() function lacks adequate capability checks, allowing authenticated attackers with Subscriber-level access or higher to modify existing filters without proper authorization. Unauthorized modification of filters can cause unintended form behavior or data loss. Users are strongly encouraged to update to the latest version of Contact Form 7 to mitigate this vulnerability.