CVE-2024-4319 MEDIUM

CVE-2024-4319: Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

Vendor Vsourz1Td

Product Advanced Contact form 7 DB

Weakness CWE-862 · Missing authorization

Published June 11, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.

Key dates

02Disclosure timeline

June 11, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4319 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2023-41683 WordPress TelSender plugin <= 1.14.11 - Broken Access Control + CSRF vulnerability CVE-2025-54004 WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability CVE-2023-47836 WordPress WP Meta and Date Remover plugin <= 2.3.0 - Broken Access Control vulnerability CVE-2025-2779 Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update CVE-2025-30881 WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability