A vulnerability was found in Connect Contact Form 7 Plugin up to 0.9.78.06. It has been declared as problematic. The affected element is an unknown function of the component Merge Field Values. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-15000. The attack can be launched remotely. No exploit exists.