Critical Vulnerabilities Patched in Redirection for Contact Form 7 Plugin

The Wordfence Threat Intelligence team just released information about several vulnerabilities found and patched in Redirection for Contact Form 7, a plugin used by over 200,000 websites.

These flaws could allow attackers to carry out a variety of exploits, which could be chained together for a full site takeover.

On February 11, 2021, the Wordfence Team contacted the plugin’s developer. They issued the full disclosure the next day, February 12, 2021, after creating an appropriate communication channel. On February 13, 2021, the plugin’s developers released a patch the next day.



Redirection for Contact Form 7 is a plugin that adds redirects to forms created with the common Contact Form 7 plugin, allowing users to be redirected straight after they submit a form. Several features of the plugin include the ability to configure redirects, import settings, and more.

These are listed as critical flaws. As a result, we strongly recommend you to update to the most recent patched version, 2.3.5, as soon as possible.


Disclosure: Our content is reader-supported, which means that if you click on some of our links that we may earn a commission.