What the vulnerability does
01Description
Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8.
Explanation of Vulnerability in Simple Terms
02Summary
The Multi-language Responsive Contact Form plugin through version 2.8 fails to check user permissions before allowing access to sensitive data. An attacker can read information without authentication, such as submitted form data or configuration details. Update to a version newer than 2.8 to fix this authorization bypass.
What an attacker can do
03Attacker Capabilities
Read sensitive data from the plugin without logging in.
Potential impact on your site
04Site Impact
Attackers can access form submissions, user data, or plugin settings without permission.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 16, 2025
CVE published
April 28, 2026
Record updated