Description
Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8.
Published: 2025-07-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a missing authorization check in August Infotech's Multi‑Language Responsive Contact Form plugin, which permits users to invoke protected functionality without proper privilege verification. Attackers can exploit this to access features that should be restricted, potentially manipulating contact form behavior or retrieving sensitive data via the plugin's endpoints.

Affected Systems

Affected systems are installations of the August Infotech Multi‑Language Responsive Contact Form plugin running version 2.8 or earlier. No other product versions are stated to be impacted.

Risk and Exploitability

The CVSS score of 7.5 rates the vulnerability as high severity. The EPSS score is below 1%, indicating a low current exploitation probability, and the vulnerability is not listed in CISA KEV. The attack vector is network-based (AV:N in the CVSS vector), most likely HTTP requests to the plugin's endpoints; an attacker does not need privileged credentials to trigger the flaw.

Generated by OpenCVE AI on April 30, 2026 at 16:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official patch that removes the access control defect. If none is available, upgrade the plugin to any version newer than 2.8 once released.
  • If a patch is unavailable, disable or uninstall the problematic plugin to eliminate the attack surface.
  • Restrict access to the plugin’s administrative interfaces so that only users with appropriate privileges can reach them, and configure web‑application firewall rules to flag anomalous access attempts.

Advisories
Source: EUVD
ID: EUVD-2025-21605
Title: Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8.
Values Added: Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 16 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00031}


Wed, 16 Jul 2025 11:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8.
Title WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:52.604Z

Reserved: 2025-03-11T08:10:52.910Z

Link: CVE-2025-29000

Vulnrichment

Updated: 2025-07-16T13:42:34.369Z

NVD

Status: Deferred

Published: 2025-07-16T12:15:24.527

Modified: 2026-04-23T15:26:45.687

Link: CVE-2025-29000

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T16:45:26Z
