ByteOS Network

NVD Vulnerability Details :

CVE-2024-1779

Modified

Source-security@wordfence.com

Published At-23 Feb, 2024 | 07:15

Updated At-08 Apr, 2026 | 18:20

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CPE Matches

zestard>>admin_side_data_storage_for_contact_form_7>>Versions up to 1.1.1(inclusive)

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-862	Primary	security@wordfence.com
CWE-862	Secondary	nvd@nist.gov

CWE ID: CWE-862

Type: Primary

Source: security@wordfence.com

CWE ID: CWE-862

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213	security@wordfence.com	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve	security@wordfence.com	Third Party Advisory
https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213	af854a3a-2127-422b-91ae-364da2661108	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

Hyperlink: https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213

Source: security@wordfence.com

Resource:

Product

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve

Source: security@wordfence.com

Resource:

Third Party Advisory

Hyperlink: https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Product

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History