๐Ÿ” CVE Alert

CVE-2025-13717

MEDIUM 5.3

Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_gvccf_check_download_request' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive Contact Form 7 submission data via the 'wp-gvc-cf-download-id' parameter, including names, phone numbers, email addresses, and messages.

CWE CWE-862
Vendor ashishajani
Product contact form vcard generator
Published Jan 9, 2026
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for ashishajani contact form vcard generator

Be the first to know when new medium vulnerabilities affecting ashishajani contact form vcard generator are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

ashishajani / Contact Form vCard Generator
0 โ‰ค 2.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/bdde4399-af90-4528-92a4-5176dfa5e453?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/trunk/includes/wp-gvc-cf-settings.php#L13 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/tags/2.4/includes/wp-gvc-cf-settings.php#L13 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/trunk/includes/wp-gvc-cf-settings.php#L105 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/tags/2.4/includes/wp-gvc-cf-settings.php#L105

Credits

Sopon Tangpathum (SoNaJaa)