CVE-2025-62915: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress plugin 'SMS Contact Form 7 Notifications by ClickSend' (clicksend-contactform7) affecting versions up to 1.4.0. The vulnerability was identified on September 30, 2025, and was assigned CVE-2025-62915. The issue allows attackers to exploit incorrectly configured access control security levels (NVD, Wordfence).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, as assessed by CISA-ADP. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability poses significant risks as it allows attackers to exploit access control security levels, potentially leading to unauthorized access to sensitive information and system modifications. The high CVSS score of 8.1 indicates severe potential impact, particularly in terms of confidentiality and integrity (NVD).

Users of the SMS Contact Form 7 Notifications by ClickSend plugin should upgrade to a version newer than 1.4.0 if available, or implement additional access control measures to protect against unauthorized access (Patchstack).