Description
Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data. This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.
Published: 2026-01-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

WEN Solutions Contact Form 7 GetResponse Extension suffers from a Sensitive Data Exposure flaw that allows the plugin to insert sensitive information into transmitted data, thereby leaking embedded sensitive data to unintended recipients. This vulnerability arises from improper sanitization of outgoing requests, enabling an attacker to obtain confidential information that the plugin handles during form submissions.

Affected Systems

Any WordPress installation that uses the WEN Solutions Contact Form 7 GetResponse Extension plugin version 1.0.8 or earlier is affected. The vulnerability applies to all supported WordPress environments where the plugin is active and configured to send form data to GetResponse.

Risk and Exploitability

The flaw carries a CVSS score of 5.3, indicating moderate severity. The estimate of exploitation likelihood (EPSS < 1%) is low, and it is not listed in CISA's KEV catalog, suggesting limited public exploitation. Nonetheless, if an attacker can manipulate form submissions or compromise the WordPress site, they may cause the plugin to transmit sensitive data to external endpoints, potentially exposing private user information. The attack vector is inferred to be through the plugin’s outbound HTTP requests triggered by legitimate form usage.

Generated by OpenCVE AI on April 16, 2026 at 01:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Contact Form 7 GetResponse Extension plugin to a version newer than 1.0.8 or remove the plugin if no update exists.
  • Verify that the updated plugin does not include sensitive information in outbound requests by testing form submissions and inspecting generated traffic.
  • Apply the principle of least privilege to the plugin by ensuring only trusted administrators can enable or configure its settings.

Advisories

No advisories yet.

History

Mon, 26 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Jan 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Wen Solutions
Wen Solutions contact Form 7 Getresponse Extension
Wordpress
Wordpress wordpress
Vendors & Products Wen Solutions
Wen Solutions contact Form 7 Getresponse Extension
Wordpress
Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data. This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.
Title WordPress Contact Form 7 GetResponse Extension plugin <= 1.0.8 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:49.316Z

Reserved: 2026-01-23T12:31:51.716Z

Link: CVE-2026-24557

Vulnrichment

Updated: 2026-01-26T17:33:28.304Z

NVD

Status: Deferred

Published: 2026-01-23T15:16:12.870

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24557

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T02:00:12Z

Weaknesses