Description
Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot contact-form-7-anti-spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through <= 1.0.1.
Published: 2025-01-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw (CWE-862) that lets an attacker bypass configured access control constraints within the SzMake Contact Form 7 Anti Spambot plugin. Because the plugin fails to enforce proper privileges, an attacker can invoke restricted contact form features or spam‑mitigation controls that are intended for authorized users only, potentially enabling abuse through the site’s contact forms.

Affected Systems

The vulnerability affects the SzMake Contact Form 7 Anti Spambot WordPress plugin, versions from the earliest available through 1.0.1 inclusive. Users running any of these plugin versions on any WordPress installation are at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. The EPSS score of less than 1% indicates a very low estimated probability of exploitation in the wild. The issue is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, via the WordPress web interface, exploiting the plugin’s lack of authorization checks. Whether an attacker can achieve significant damage depends on the scope of the plugin’s functions, which the CVE does not detail.

Generated by OpenCVE AI on May 1, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Contact Form 7 Anti Spambot plugin to version 1.0.2 or later, if available, to address the missing authorization flaw.
  • If an upgrade is not yet available, remove the plugin from the WordPress installation to eliminate the vulnerable code.
  • Restrict access to the WordPress administration dashboard using role‑based permissions, ensuring only trusted users can manage plugins and contact forms.
  • Implement a web application firewall or security plugin that blocks suspicious requests targeted at the contact form endpoints.



Advisories
Source ID Title
EUVD EUVD-2025-3483 Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1.
Values Added: Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot contact-form-7-anti-spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through <= 1.0.1.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Fri, 17 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jan 2025 20:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1.
Title WordPress Contact Form 7 Anti Spambot plugin <= 1.0.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T22:45:26.951Z

Reserved: 2025-01-16T11:31:20.770Z

Link: CVE-2025-23862

Vulnrichment

Updated: 2025-01-17T17:13:26.361Z

NVD

Status: Deferred

Published: 2025-01-16T21:15:26.127

Modified: 2026-06-17T08:57:38.187

Link: CVE-2025-23862

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T20:45:25Z

Weaknesses