CVE-2025-53322 MEDIUM

CVE-2025-53322: WordPress Accept Authorize.NET Payments Using Contact Form 7 plugin <= 2.5 - Sensitive Data Exposure Vulnerability

Vendor: Zealousweb
Product: Accept Authorize.NET Payments Using Contact Form 7
Weakness: CWE-201
Published: June 27, 2025
Last update: April 28, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 (accept-authorize-net-payments-using-contact-form-7) allows Retrieve Embedded Sensitive Data. This issue affects Accept Authorize.NET Payments Using Contact Form 7: from n/a through <= 2.5.

Explanation of Vulnerability in Simple Terms

02 Summary

The Accept Authorize.NET Payments plugin for Contact Form 7 versions 2.5 and earlier exposes sensitive payment information. An attacker can read partial payment card data and other confidential details without authentication. The vulnerability stems from insufficient access controls on payment-related data endpoints. Site administrators should update to a version newer than 2.5 immediately.

What an attacker can do

03 Attacker Capabilities

Read partial payment card numbers and other sensitive payment information without logging in.

Potential impact on your site

04 Site Impact

Customer payment data and card details may be exposed to unauthorized parties.

Conditions required to exploit

05 Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06 Disclosure timeline

June 27, 2025: CVE published
April 28, 2026: Record updated