Authorization Bypass in Extensions for CF7 by HT Plugins
CVE-2026-24991

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Extensions For Cf7
Vendor: CVE Published:; 3 February 2026

What is CVE-2026-24991?

The Extensions for CF7 product by HT Plugins has a vulnerability that allows unauthorized access due to incorrect access control configurations. Attackers can exploit this flaw to gain access to sensitive areas of the application, which can lead to data exposure and manipulation. This vulnerability affects versions of Extensions for CF7 up to 3.4.0, posing a significant risk to user security if not addressed promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Extensions For CF7 <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/extensio...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2026
Vulnerability Reserved
Jan 28, 2026

Credit

Nabil Irawan | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2026-24991?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.