{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:44:23.798","vulnerabilities":[{"cve":{"id":"CVE-2026-3831","sourceIdentifier":"security@wordfence.com","published":"2026-04-01T02:16:03.357","lastModified":"2026-04-01T14:23:37.727","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries_shortcode() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract all form submissions - including names, emails, phone numbers."},{"lang":"es","value":"El plugin Database for Contact Form 7, WPforms, Elementor forms para WordPress es vulnerable a acceso no autorizado de datos debido a una comprobación de capacidad faltante en la función entries_shortcode() en todas las versiones hasta la 1.4.9, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador y superior, extraigan todos los envíos de formulario, incluyendo nombres, correos electrónicos y números de teléfono."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.4.8/contact-form-entries.php#L204","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a033ea44-8084-44c1-8e24-bdb1b61c3566?source=cve","source":"security@wordfence.com"}]}}]}