WordPress Contact Form 7 Redirection Plugin Vulnerability Hits 300k Sites

A vulnerability advisory was issued for a WordPress Contact Form 7 add-on plugin that enables unauthenticated attackers to “easily” launch a remote code execution. The vulnerability is rated high (8.8/10) on the CVSS threat severity scale.

Screenshot from Wordfence advisory showing 8.8 CVSS severity rating

Redirection for Contact Form 7 plugin

The vulnerability affects the Redirection for Contact Form 7 WordPress plugin, which is installed on over 300,000 websites. The plugin extends the functionality of the popular Contact Form 7 plugin. It…