https://www.pluginvulnerabilities.com/2017/06/12/cross-site-request-forgery-csrf-vulnerability-in-contact-form-7-paypal-add-on/

After noticing a number of vulnerabilities in a couple of plugins that work with the plugin Contact Form 7 we started looking over other plugins that work with it. In doing that we found that the plugin Contact Form 7 – PayPal Add-on has a cross-site request forgery (CSRF) vulnerability in its code to save the plugin’s settings, which could be used to

Share This