A vulnerability categorized as critical has been discovered in mariovalney CF7 to Webhook Plugin up to 5.0.0 on WordPress. Affected is an unknown function of the component Placeholder Handler . Executing a manipulation can lead to server-side request forgery. The identification of this vulnerability is CVE-2026-11395 . The attack may be launched remotely. There is no exploit available.