Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-13
CVE-2025-13717 - Contact Form Vcard Generator Plugin
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_gvccf_check_download_request' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive Contact Form 7 submission data via the 'wp-gvc-cf-download-id' parameter, including names, phone numbers, email addresses, and messages.
PLUGIN
Contact Form Vcard Generator
CVE-2025-13717
Risk Score