cleantalk
Vulnerabilities and Security Researches

User Registration Using Contact Form 7, CVE-2025-12825

CVE, Research URL

CVE-2025-12825

Home page URL

Security reports for User Registration Using Contact Form 7

Application

User Registration Using Contact Form 7

Published on
Jan 17, 2026
Research Description
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_cf7_form_data' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings which includes Facebook app secrets.
Affected versions
max 2.6.
Status
vulnerable
Previous vulnerability researches
Internal Link Builder (CVE-2025-14725) , Jan 27, 2026
Internal Link Builder (CVE-2025-23989) , Jan 31, 2025
New vulnerability
Dinatur (CVE-2025-68866) , Jan 28, 2026
CodeColorer (CVE-2025-68012) , Jan 28, 2026
Shield Security – Smart Bot Blocking & Intrusion Prevention Security (CVE-2025-15370) , Jan 28, 2026
Custom Fonts – Host Your Fonts Locally (CVE-2025-14351) , Jan 28, 2026
SiteLock Security (CVE-2026-24532) , Jan 28, 2026