CVE-2024-9629: CWE-862 Missing Authorization in hokku Contact Form 7 + Telegram
CVE-2024-9629 is a medium severity vulnerability in the hokku Contact Form 7 + Telegram WordPress plugin (up to version 0. 8. 5) caused by missing authorization checks in the ajax handler function. Authenticated users with subscriber-level privileges or higher can exploit this flaw to modify subscription states, including approving, pausing, or refusing subscriptions, without proper permission. The vulnerability impacts data integrity and availability but does not expose confidentiality risks. Exploitation requires authentication but no user interaction beyond that. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize updating or applying custom access controls to mitigate risks. The vulnerability primarily affects WordPress sites using this plugin, which are widespread globally but especially prevalent in countries with large WordPress user bases. Given the ease of exploitation and potential disruption to subscription workflows, the threat poses a moderate risk to affected sites worldwide.
AI Analysis
Technical Summary
CVE-2024-9629 identifies a missing authorization vulnerability (CWE-862) in the hokku Contact Form 7 + Telegram plugin for WordPress, specifically in the 'wpcf7_Telegram::ajax' function. This function lacks proper capability checks, allowing authenticated users with subscriber-level access or higher to perform unauthorized actions on subscription data. These actions include approving, pausing, or refusing subscriptions, which can lead to unauthorized modification or loss of subscription data. The vulnerability affects all versions up to and including 0.8.5. The CVSS 3.1 base score is 5.4 (medium), reflecting that the attack vector is remote network (AV:N), with low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The impact affects integrity and availability but not confidentiality. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The flaw arises from insufficient authorization checks in AJAX handlers, a common issue in WordPress plugins that can lead to privilege escalation or unauthorized data manipulation.
Potential Impact
The vulnerability allows authenticated users with minimal privileges (subscriber-level) to manipulate subscription statuses without authorization, potentially disrupting subscription workflows and causing data integrity issues. This could result in denial of service for legitimate subscribers if their subscriptions are paused or refused maliciously. While confidentiality is not directly impacted, the integrity and availability of subscription data are at risk. For organizations relying on this plugin for customer engagement or communication via Telegram, this could degrade service quality and trust. Attackers exploiting this flaw could also use it as a foothold for further attacks within the WordPress environment. The scope is limited to sites using the vulnerable plugin, but given WordPress's extensive market share, the number of affected sites could be significant worldwide.
Mitigation Recommendations
Organizations should immediately verify if they use the hokku Contact Form 7 + Telegram plugin and identify the version in use. Since no official patch links are provided yet, administrators should consider temporarily disabling the plugin or restricting access to authenticated users with subscriber-level privileges until a fix is released. Implementing custom capability checks or access controls on the AJAX endpoints can mitigate unauthorized actions. Monitoring logs for unusual subscription state changes can help detect exploitation attempts. Keeping WordPress core and all plugins updated regularly is critical. Once a patch is released, prompt application is essential. Additionally, applying the principle of least privilege by limiting subscriber-level user capabilities can reduce exploitation risk. Employing web application firewalls (WAFs) with rules targeting unauthorized AJAX requests may provide interim protection.
Affected Countries
United States, Germany, United Kingdom, India, Brazil, Canada, Australia, France, Netherlands, Japan, Italy, Spain
CVE-2024-9629: CWE-862 Missing Authorization in hokku Contact Form 7 + Telegram
Description
CVE-2024-9629 is a medium severity vulnerability in the hokku Contact Form 7 + Telegram WordPress plugin (up to version 0. 8. 5) caused by missing authorization checks in the ajax handler function. Authenticated users with subscriber-level privileges or higher can exploit this flaw to modify subscription states, including approving, pausing, or refusing subscriptions, without proper permission. The vulnerability impacts data integrity and availability but does not expose confidentiality risks. Exploitation requires authentication but no user interaction beyond that. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize updating or applying custom access controls to mitigate risks. The vulnerability primarily affects WordPress sites using this plugin, which are widespread globally but especially prevalent in countries with large WordPress user bases. Given the ease of exploitation and potential disruption to subscription workflows, the threat poses a moderate risk to affected sites worldwide.
AI-Powered Analysis
Technical Analysis
CVE-2024-9629 identifies a missing authorization vulnerability (CWE-862) in the hokku Contact Form 7 + Telegram plugin for WordPress, specifically in the 'wpcf7_Telegram::ajax' function. This function lacks proper capability checks, allowing authenticated users with subscriber-level access or higher to perform unauthorized actions on subscription data. These actions include approving, pausing, or refusing subscriptions, which can lead to unauthorized modification or loss of subscription data. The vulnerability affects all versions up to and including 0.8.5. The CVSS 3.1 base score is 5.4 (medium), reflecting that the attack vector is remote network (AV:N), with low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The impact affects integrity and availability but not confidentiality. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. The flaw arises from insufficient authorization checks in AJAX handlers, a common issue in WordPress plugins that can lead to privilege escalation or unauthorized data manipulation.
Potential Impact
The vulnerability allows authenticated users with minimal privileges (subscriber-level) to manipulate subscription statuses without authorization, potentially disrupting subscription workflows and causing data integrity issues. This could result in denial of service for legitimate subscribers if their subscriptions are paused or refused maliciously. While confidentiality is not directly impacted, the integrity and availability of subscription data are at risk. For organizations relying on this plugin for customer engagement or communication via Telegram, this could degrade service quality and trust. Attackers exploiting this flaw could also use it as a foothold for further attacks within the WordPress environment. The scope is limited to sites using the vulnerable plugin, but given WordPress's extensive market share, the number of affected sites could be significant worldwide.
Mitigation Recommendations
Organizations should immediately verify if they use the hokku Contact Form 7 + Telegram plugin and identify the version in use. Since no official patch links are provided yet, administrators should consider temporarily disabling the plugin or restricting access to authenticated users with subscriber-level privileges until a fix is released. Implementing custom capability checks or access controls on the AJAX endpoints can mitigate unauthorized actions. Monitoring logs for unusual subscription state changes can help detect exploitation attempts. Keeping WordPress core and all plugins updated regularly is critical. Once a patch is released, prompt application is essential. Additionally, applying the principle of least privilege by limiting subscriber-level user capabilities can reduce exploitation risk. Employing web application firewalls (WAFs) with rules targeting unauthorized AJAX requests may provide interim protection.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-10-08T13:02:06.953Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6b54b7ef31ef0b552445
Added to database: 2/25/2026, 9:36:20 PM
Last enriched: 2/25/2026, 11:30:29 PM
Last updated: 2/26/2026, 7:58:41 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighFinding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
MediumCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.