Interesting bits of information

Welcome to our blog where we share ideas, technical tips, creative thoughts and inspiration about the web and life at the Web-Lab Co.

2 April 2020

Adrian Fowler

Adrian Fowler


Cross Site Scripting (XSS) vulnerability in Contact Form 7

On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites.

This plugin has been closed as of April 1, 2020 and is not available for download. This closure is temporary, pending a full review.

What should I do?

Anyone using this integration for Contact Form 7 is advised to remove the plugin until a full review has been conducted.

As is the case with all plugin’s which become neglected, they soon become open to attack and leave website owners vulnerable to hacks.

Like this post?

This entry was posted in Website Security
Back to posts