Contact Form 7 Datepicker - High Vulnerability Leads To Plugin Closure

[ianscott]

On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites.

Read More.

 

[djbaxter]

Note this is just the datepicker addon, not the contact form itself.

See

100K+ WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

An authenticated stored XSS vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin.

securityaffairs.co