Missing Authorization Issue in CF7 7 Mailchimp Add-on by kamleshyadav
CVE-2025-29012
5.3 MEDIUM
What is CVE-2025-29012?
The CF7 7 Mailchimp Add-on, developed by kamleshyadav, has a missing authorization vulnerability caused by incorrectly configured access control security levels. Attackers may exploit this weakness to gain unauthorized access to restricted functionality, potentially leading to data exposure. Users should review their configurations and apply the necessary updates to mitigate the associated risks.
Affected Version(s)
CF7 7 Mailchimp Add-on <= 2.2
References
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)