A vulnerability, which was classified as critical , was found in zealopensource Abandoned Contact Form 7 Plugin up to 2.2 on WordPress. This issue affects the function action__remove_abandoned . Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-9187 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.