https://www.pluginvulnerabilities.com/2017/06/08/information-disclosure-vulnerability-in-save-contact-form-7/

While looking into a recent security fix for a SQL injection vulnerability in version 2.0 of the plugin Save Contact Form 7 we noticed a much larger issue in the relevant code, all the contact form submissions saved by the plugin are publicly accessible.

Normally the submissions saved by the plugin are viewed through the plugin’s admin page which is only

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.