9.3 High
AI Score
Confidence
High
Description The plugin does not have authorisation check when deleting CF7 API entry records, which could allow any authenticated users, such as subscriber to delete them
patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-6-broken-access-control-vulnerability