https://www.pluginvulnerabilities.com/2017/06/08/information-disclosure-vulnerability-in-save-contact-form-7/

While looking into a recent security fix for a SQL injection vulnerability in version 2.0 of the plugin Save Contact Form 7 we noticed a much larger issue in the relevant code, all the contact form submissions saved by the plugin are publicly accessible.

Normally the submissions saved by the plugin are viewed through the plugin’s admin page which is only

Share This