WordPress Press

Severe Vulnerabilities Patched in Redirection for Contact Form 7 Plugin

On February 11, 2021, our Threat Intelligence team responsibly disclosed several vulnerabilities in Redirection for Contact Form 7, a WordPress plugin used by over 200,000 sites. One of these flaws made it possible for unauthenticated attackers to generate arbitrary nonces for any function. The second flaw made it possible for authenticated attackers to install arbitrary plugins and inject PHP Objects. The third flaw made it possible for authenticated attackers to delete arbitrary posts on a site running the plugin causing a loss of availability.

Full Article!

Podobne