MEDIUM (5.0)
    Plugin

    Unauthorized Data Access in Advanced Contact Form 7 DB Plugin

    Published Date: 4/8/2026
    CVE ID: CVE-2026-0814

    Summary

    The Advanced Contact Form 7 DB plugin up to version 2.0.9 allows unauthorized data exports due to insufficient user permission checks. Authenticated attackers with Subscriber-level access can exploit this flaw to export form submissions.

    Vulnerability Details

    This vulnerability affects the Advanced Contact Form 7 DB plugin for WordPress in all versions up to and including 2.0.9. The 'vsz_cf7_export_to_excel' function lacks a proper capability check, so users with minimal privileges, such as the Subscriber role, can export form submission data to Excel files. This can lead to data exposure, privacy violations, or unauthorized data processing by people who should not have access to that information. Sites that collect sensitive data through contact forms are most at risk. Capability checks and access controls are critical in any plugin that offers data export.

    Recommendations

    Administrators should immediately restrict the export function to higher-privilege roles by adding capability checks to the plugin's code. Until a patched version is available, consider temporarily disabling export by removing or commenting out the 'vsz_cf7_export_to_excel' functionality in the plugin. Monitor server logs for unusual export activity and limit each user's access to the minimum permissions necessary.
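
    One way to apply the capability-check recommendation without editing the plugin's files, as an added example that is not the plugin's or this advisory's code: a must-use plugin that wraps every hook callback named vsz_cf7_export_to_excel. The acf7db_* names, the choice of the manage_options capability, and the premise that the plugin has registered its hooks by the end of plugins_loaded are assumptions.

```php
<?php
/**
 * Added example, not the plugin's code. Save as a file under wp-content/mu-plugins/.
 * Gates every hook callback named vsz_cf7_export_to_excel behind a capability check.
 * Assumption: the plugin registers its hooks before plugins_loaded completes.
 */

const ACF7DB_EXPORT_CALLBACK = 'vsz_cf7_export_to_excel'; // function named in the advisory
const ACF7DB_REQUIRED_CAP    = 'manage_options';          // assumed: administrators only

// Run last on plugins_loaded, after regular plugins have been included.
add_action( 'plugins_loaded', 'acf7db_guard_export_callbacks', PHP_INT_MAX );

function acf7db_guard_export_callbacks() {
    global $wp_filter;

    foreach ( $wp_filter as $hook_name => $hook ) {
        if ( ! $hook instanceof WP_Hook ) {
            continue;
        }
        foreach ( $hook->callbacks as $priority => $callbacks ) {
            foreach ( $callbacks as $entry ) {
                $fn = $entry['function'];
                // A callback is either a function name or an [object|class, method] pair.
                $name = is_array( $fn ) ? ( $fn[1] ?? '' ) : ( is_string( $fn ) ? $fn : '' );
                if ( ACF7DB_EXPORT_CALLBACK !== $name ) {
                    continue;
                }
                // Swap the original callback for a wrapper on the same hook and priority.
                remove_filter( $hook_name, $fn, $priority );
                add_filter(
                    $hook_name,
                    function ( ...$args ) use ( $fn ) {
                        if ( ! current_user_can( ACF7DB_REQUIRED_CAP ) ) {
                            wp_die(
                                'You are not allowed to export form submissions.',
                                '',
                                array( 'response' => 403 )
                            );
                        }
                        return call_user_func_array( $fn, $args );
                    },
                    $priority,
                    $entry['accepted_args']
                );
            }
        }
    }
}
```

    If the plugin attaches the export callback later than plugins_loaded, the wrapper will not find it; confirm on a staging site that a Subscriber account receives the 403 response before relying on it.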

    Available Fixes

    Last Updated: 4/10/2026
    All Rights Reserved © 2026 Jedar for Digital Rights.