CVE-2026-24557
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: Patchstack

Description
Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24557
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wen_solutions contact_form_7_getresponse_extension to 1.0.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to access sensitive information that is normally restricted, which could lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA that require safeguarding sensitive data. Exposure of sensitive data may result in violations of these regulations, potentially leading to legal and financial consequences. [1]

Executive Summary

This vulnerability in the Contact Form 7 GetResponse Extension Plugin allows unauthenticated attackers to retrieve sensitive information that is normally protected. It is a Sensitive Data Exposure issue affecting versions up to 1.0.8, potentially enabling attackers to access embedded sensitive data within sent data. [1]

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information, which may result in further exploitation of other system weaknesses. Although the severity is considered low (CVSS 5.3), it still poses a risk of sensitive data exposure that could compromise privacy or security. [1]

Mitigation Strategies

Since no official fix or patched version is currently available for this vulnerability, immediate mitigation steps include monitoring for unauthorized access attempts and limiting exposure of the Contact Form 7 GetResponse Extension plugin. Consider disabling or removing the plugin until a patch is released to prevent sensitive data exposure. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24557. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart