cleantalk
Vulnerabilities and Security Researches

Send PDF for Contact Form 7, CVE-2024-3585

CVE, Research URL

CVE-2024-3585

Home page URL

Security reports for Send PDF for Contact Form 7

Application

Send PDF for Contact Form 7

Published on
May 02, 2024
Research Description
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs.
Affected versions
Min -, max 1.0.2.4.
Status
vulnerable
Previous vulnerability researches
Send PDF for Contact Form 7 (CVE-2024-3585) , Jun 06, 2024
Send PDF for Contact Form 7 (f10734a1ded3f4fb4bf97398bf82b8041b3ec077) , Jun 06, 2024
Send PDF for Contact Form 7 (CVE-2023-0143) , Jun 06, 2024
New vulnerability
Automatically Hierarchic Categories in Menu (CVE-2025-50048) , Jun 24, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-49996) , Jun 24, 2025
Video List Manager (CVE-2025-49986) , Jun 24, 2025
Video List Manager (CVE-2025-52821) , Jun 24, 2025
Modern Footnotes (CVE-2025-50049) , Jun 24, 2025