WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Redirection for Contact Form 7

2022-09-29
Redirection for Contact Form 7 < 2.6.0 - Unauthenticated Options Update to Stored XSS
Fixed in version 2.6.0
2022-03-07
Redirection for Contact Form 7 < 2.5.0 - Reflected Cross-Site Scripting
Fixed in version 2.5.0
2022-02-28
Unauthorised AJAX Calls via Freemius
Fixed in version 2.5.0
2021-04-20
Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
Fixed in version 2.3.4
2021-04-20
Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation
Fixed in version 2.3.4
2021-04-20
Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
Fixed in version 2.3.4
2021-04-20
Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion
Fixed in version 2.3.4
2021-04-20
Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions
Fixed in version 2.3.4