WordPress Plugin Vulnerabilities

Send PDF for Contact Form 7 < 1.0.2.4 - Missing Authorization

Description

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs.

Affects Plugins

Plugin icon
send-pdf-for-contact-form-7
Fixed in 1.0.2.4

References

CVE
CVE-2024-3585
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0646fcba-afe5-49a2-acd5-e15d009926c4

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
103b85cb-d6f3-44c3-ac2f-4f6e24d069f6

Timeline

Publicly Published
2024-04-23 (about 2 years ago)
Added
2024-04-23 (about 2 years ago)
Last Updated
2024-04-23 (about 2 years ago)

Other

Published
Title
Published
2025-10-05
Title
Testimonial Slider <= 2.0.15 - Missing Authorization
Published
2025-11-18
Title
Chat Help < 3.1.4 - Unauthenticated Sensitive Information Exposure
Published
2026-02-17
Title
YayMail < 4.3.3 - Shop Manager+ Arbitrary Options Update
Published
2026-01-08
Title
Campaign Monitor for WordPress < 2.9.2 - Missing Authorization
Published
2024-06-03
Title
WP EasyCart < 5.6.0 - Missing Authorization