What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert (cf7-sweet-alert-popup) allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through <= 1.6.5.
Explanation of Vulnerability in Simple Terms
02 Summary
Popup for CF7 with Sweet Alert versions 1.6.5 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability requires user interaction and does not expose sensitive data.
What an attacker can do
03 Attacker Capabilities
Trick a site admin into performing unwanted actions (like changing settings) by visiting a malicious link.
Potential impact on your site
04 Site Impact
An attacker can modify plugin settings or perform other admin actions if they trick you into clicking a link.
Conditions required to exploit
05 Prerequisites
Site admin must be logged in and click a malicious link or visit an attacker-controlled page.
Key dates
06 Disclosure timeline
August 28, 2025: CVE published
April 28, 2026: Record updated