Description
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a missing authorization flaw that allows an attacker to exploit incorrectly configured access control in the Mailercloud – Integrate webforms and synchronize website contacts plugin. The flaw enables unauthenticated users to read or manipulate contact records stored by the plugin, potentially leading to data exposure, data tampering, or the injection of malicious entries that could compromise the website’s integrity and user privacy.

Affected Systems

The affected product is Mailercloud – Integrate webforms and synchronize website contacts, with all versions from the earliest release through version 1.0.7 susceptible to the issue. No other vendors or products are impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity level, while the EPSS score of less than 1% suggests that exploit attempts are currently rare. The vulnerability is not listed in the CISA KEV catalog. Attacks are likely to be carried out by sending crafted HTTP requests to the plugin’s endpoints; the precise vector is not detailed in the official record but can be inferred from the description of a broken access control mechanism.

Generated by OpenCVE AI on April 29, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Mailercloud plugin to a version higher than 1.0.7, if an update is available.
  • Restrict external access to the plugin’s endpoints by configuring WordPress or the web server to allow only authenticated admin users (e.g., using .htaccess rules or a custom capability check).
  • If the plugin is not essential, disable or delete it to eliminate the vulnerability.

Generated by OpenCVE AI on April 29, 2026 at 12:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in mailercloud Mailercloud &#8211; Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud &#8211; Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7. Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Mailercloud
Mailercloud mailercloud &#8211; Integrate Webforms And Synchronize Website Contacts
Wordpress
Wordpress wordpress
Vendors & Products Mailercloud
Mailercloud mailercloud &#8211; Integrate Webforms And Synchronize Website Contacts
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in mailercloud Mailercloud &#8211; Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud &#8211; Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.
Title WordPress Mailercloud – Integrate webforms and synchronize website contacts plugin <= 1.0.7 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Mailercloud Mailercloud &#8211; Integrate Webforms And Synchronize Website Contacts
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:52:04.440Z

Reserved: 2026-04-07T10:58:29.177Z

Link: CVE-2026-39713

cve-icon Vulnrichment

Updated: 2026-04-13T18:17:57.192Z

cve-icon NVD

Status : Deferred

Published: 2026-04-08T09:16:44.267

Modified: 2026-04-29T10:17:43.847

Link: CVE-2026-39713

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T13:00:06Z

Weaknesses