Unauthenticated Options Change vulnerability discovered by mirphak (Patchstack Alliance) in WordPress Redirection for Contact Form 7 plugin (versions <= 2.4.0). Successful exploitation requires an additional extension (plugin) AccessiBe. An attacker can inject a script into the footer.
Update the WordPress Redirection for Contact Form 7 plugin to the latest available version (at least 2.6.0).
CPE | Name | Operator | Version |
---|---|---|---|
redirection for contact form 7 | le | 2.4.0 |