https://www.pluginvulnerabilities.com/2017/06/08/authenticated-information-disclosure-vulnerability-in-contact-form-7-database/

After noticing that another plugin that saves contact form submissions from the plugin Contact Form 7 made them publicly accessible we took a look other plugins that also save them to see if any of them had a similar issue. In doing that we found that the plugin Contact Form 7 Database made saved contact form submissions available to anyone logged in

Share This