Vulnerabilities and security researches foruser-registration-using-contact-form-7 user-registration-using-contact-form-7

Apr 11, 2025

CVE, Research URL: CVE-2025-32679
Home page URL: Security reports for User Registration Using Contact Form 7
Application: User Registration Using Contact Form 7
Date: Apr 09, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2.
Affected versions: max 2.2.
Status: vulnerable

Jan 28, 2026

CVE, Research URL: CVE-2025-12825
Home page URL: Security reports for User Registration Using Contact Form 7
Application: User Registration Using Contact Form 7
Date: Jan 17, 2026
Research Description: The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_cf7_form_data' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings which includes Facebook app secrets.
Affected versions: max 2.6.
Status: vulnerable