What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.
Explanation of Vulnerability in Simple Terms
02Summary
The Contact Form 7 GetResponse Extension for WordPress versions 1.0.8 and earlier exposes sensitive information through improper access controls. An unauthenticated attacker can read data that should be restricted, such as form submissions or API credentials. No user interaction is required. Update to a version newer than 1.0.8 immediately.
What an attacker can do
03Attacker Capabilities
Read sensitive data like form submissions or API credentials without authentication.
Potential impact on your site
04Site Impact
Visitor form data and integration credentials may be exposed to anyone on the internet.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
January 23, 2026
CVE published
April 28, 2026
Record updated