MEDIUM
iamranit
CVE published 2026-06-24
CVE-2026-12094
The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdb_ajax_delete_user() function in versions up to, and including, 1.0.0. This vulnerability allows unauthenticated attackers to delete arbitrary contact form submission entries stored by the plugin. The handler is registered against both `wp_ajax_cf7cdb_d [truncated]