CVE-2023-49167 MEDIUM

CVE-2023-49167: WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability

Vendor Code4Life

Product Database for CF7

Weakness CWE-862 · Missing authorization

Published December 9, 2024

Last update April 29, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through <= 1.2.4.

Key dates

02Disclosure timeline

December 9, 2024 CVE published

April 29, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-49167

Related vulnerabilities

04Related CVE

CVE-2026-43573 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes CVE-2025-14864 Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure CVE-2024-43919 WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability CVE-2026-42320 GLPI vulnerable to arbitrary file access CVE-2024-34378 WordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerability