Threat Post

Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

An CRSF-to-stored-XSS security bug plagues 50,000 ‘Contact Form 7’ Style users. A security bug in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites, could allow for malicious ...
Searchenginejournal.com

Contact Form 7 Vulnerability in +5 Million Sites

An unrestricted file upload vulnerability in a WordPress plugin is when the plugin allows an attacker to upload a web shell (malicious script) that can then be used to take over a site, tamper with a ...