Vulnerabilities and security researches forintegrate-contact-form-7-and-aweber integrate-contact-form-7-and-aweber

Jul 02, 2025

CVE, Research URL: CVE-2025-49988
Home page URL: Security reports for Contact Form 7 AWeber Extension
Application: Contact Form 7 AWeber Extension
Date: Jun 20, 2025
Research Description: Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Extension allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 AWeber Extension: from n/a through 0.1.38.
Affected versions: max 0.1.38.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-12167
Home page URL: Security reports for Contact Form 7 AWeber Extension
Application: Contact Form 7 AWeber Extension
Date: Nov 08, 2025
Research Description: The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_aweber_logreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the AWeber logs.
Affected versions: max 0.1.43.
Status: vulnerable