Saijo George

Curated by Saijo George


Friday 3 Apr 2020

Vulnerability Discovered in Contact Form 7 Datepicker <= 2.6.0

https://www.wordfence.com

The Contact Form 7 Datepicker WordPress plugin has 100,000+ active installations. It adds a datepicker to forms generated by Contact Form 7 and includes the ability to modify settings for these datepickers. In versions <= 2.6.0, there is a vulnerability that allows attackers with minimal permissions, such as a subscriber, to send a crafted request containing malicious JavaScript, which would be stored in the plugin's settings.

The plugin developers are no longer maintaining it and WordPress has removed it from the WordPress Plugin Repo. If your site has this plugin, it’s best you remove it ASAP.

 
