The Contact Form 7 plugin for WordPress has a data storage system for the admin side that is not secure in versions up to 1.1.1. This lack of security allows people who are not authorized to inject their own web scripts into webpages. These scripts will run every time someone visits a page with an injected script.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
