CVE-2026-24557 PUBLISHED

WordPress Contact Form 7 GetResponse Extension plugin <= 1.0.8 - Sensitive Data Exposure vulnerability

Assigner: Patchstack
Reserved: 23.01.2026 Published: 23.01.2026 Updated: 23.01.2026

Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.

Product Status

Vendor WEN Solutions
Product Contact Form 7 GetResponse Extension
Versions Default: unaffected
  • affected from n/a to <= 1.0.8 (incl.)

Credits

  • Nabil Irawan | Patchstack Bug Bounty Program finder

References

Problem Types

  • Insertion of Sensitive Information Into Sent Data CWE

Impacts

  • Retrieve Embedded Sensitive Data