A security issue has been found in the Redirection for Contact Form 7 plugin for WordPress. This vulnerability allows attackers to inject malicious code and potentially delete files on a website. However, this only affects sites with PHP version 8 or lower and requires the installation and activation of a specific extension. If another plugin or theme with a specific code is also installed, the attacker may be able to delete files, access sensitive information, or run malicious code. If you have the Contact Form 7 plugin and the ‘Redirection For Contact Form 7 Extension – Create Post’ extension enabled, your site may be at risk.