Impact
Based on the description, this vulnerability is a missing authorization flaw in the CRM Perks Integration for Salesforce and Contact Form 7 plugin, enabling attackers to exploit incorrectly configured access control levels. If successful, an unauthorized party could view or manipulate plugin settings or data, potentially impacting confidentiality and integrity.
Affected Systems
The affected software is the CRM Perks Integration for Salesforce and Contact Form 7 plugin for WordPress, which supports Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms. All versions from the initial release up to and including 1.4.6 are impacted; newer releases are not known to be affected.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity. The EPSS score of less than 1% suggests exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to involve reaching the plugin’s administrative endpoints, likely through the WordPress admin area, where missing permission checks can be exploited. Because the flaw relies on insufficient access control rather than a remote code execution path, exploitation is relatively simple but still requires access to the admin interface, authenticated or unauthenticated depending on site configuration.
OpenCVE Enrichment