cleantalk
Vulnerabilities and Security Researches

User Registration Using Contact Form 7, CVE-2025-12825

CVE, Research URL

CVE-2025-12825

Home page URL

Security reports for User Registration Using Contact Form 7

Application

User Registration Using Contact Form 7

Published on
Jan 17, 2026
Research Description
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_cf7_form_data' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings which includes Facebook app secrets.
Affected versions
max 2.6.
Status
vulnerable
Previous vulnerability researches
Infility Global (CVE-2024-12723) , Jan 29, 2025
Infility Global (CVE-2025-68864) , Jan 27, 2026
Infility Global (CVE-2025-68865) , Jan 10, 2026
Infility Global (CVE-2025-12968) , Jan 10, 2026
Infility Global (CVE-2024-11496) , Jan 08, 2025
New vulnerability
Custom Fonts – Host Your Fonts Locally (CVE-2025-14351) , Jan 28, 2026
SiteLock Security (CVE-2026-24532) , Jan 28, 2026
Civic Cookie Control (CVE-2026-22348) , Jan 28, 2026
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-14657) , Jan 28, 2026
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-68047) , Jan 28, 2026