cleantalk
Vulnerabilities and Security Researches

Message Filter for Contact Form 7, CVE-2024-12026

CVE, Research URL

CVE-2024-12026

Home page URL

Security reports for Message Filter for Contact Form 7

Application

Message Filter for Contact Form 7

Published on
Dec 07, 2024
Research Description
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.
Affected versions
Min -, max 1.6.3.
Status
vulnerable
Previous vulnerability researches
Message Filter for Contact Form 7 (CVE-2024-54254) , Dec 11, 2024
Message Filter for Contact Form 7 (CVE-2024-12026) , Dec 07, 2024
Message Filter for Contact Form 7 (CVE-2024-12027) , Dec 07, 2024
Message Filter for Contact Form 7 (CVE-2025-46252) , Apr 24, 2025
Message Filter for Contact Form 7 (CVE-2024-39647) , Aug 04, 2024
New vulnerability
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (CVE-2025-39378) , Apr 25, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-9230) , Apr 25, 2025
Capturly (CVE-2025-39379) , Apr 25, 2025
Frontend Login and Registration Blocks (CVE-2025-3607) , Apr 25, 2025
Ultimate Dashboard – Custom WordPress Dashboard (CVE-2025-1523) , Apr 25, 2025