The Wordfence Threat Intelligence team just released information about several vulnerabilities found and patched in Redirection for Contact Form 7, a plugin used by over 200,000 websites.
These flaws could allow attackers to carry out a variety of exploits, which could be chained together for a full site takeover.
On February 11, 2021, the Wordfence Team contacted the plugin’s developer. They issued the full disclosure the next day, February 12, 2021, after creating an appropriate communication channel. On February 13, 2021, the plugin’s developers released a patch the next day.
Moments ago, the Wordfence Threat Intelligence team published details about several vulnerabilities patched in Redirection for Contact Form 7, a plugin installed on over 200,000 sites. https://t.co/vgKekwX5Nr— Wordfence (@wordfence) April 20, 2021
Redirection for Contact Form 7 is a plugin that adds redirects to forms created with the common Contact Form 7 plugin, allowing users to be redirected straight after they submit a form. Several features of the plugin include the ability to configure redirects, import settings, and more.
These are listed as critical flaws. As a result, we strongly recommend you to update to the most recent patched version, 2.3.5, as soon as possible.