CVE-2026-9187 | zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress action__remove_abandoned authorization

Inserito da Angelo Barbosa | Giu 16, 2026 | CVE

A vulnerability, which was classified as critical, was found in zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress. This issue affects the function action__remove_abandoned. Executing a manipulation can lead to missing authorization.

The identification of this vulnerability is CVE-2026-9187. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-9187 | zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress action__remove_abandoned authorization

Post correlati

CVE-2024-23500 | Kadence WP Gutenberg Blocks Plugin up to 3.2.19 on WordPress server-side request forgery

CVE-2023-51699 | fluid-cloudnative fluid up to 0.9.2 os command injection (GHSA-wx8q-4gm9-rj2g)

CVE-2025-12765 | pgAdmin 4 up to 9.9 TLS Certificate certificate validation (Issue 9324)

CVE-2025-6099 | szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410 PATCH Request manager.go improper authorization