WordPress Contact Form 7 plugin version 5.9 is vulnerable to Cross Site Scripting (XSS) – High severity.
The issue will be resolved by Resolve by 20 March 2024.
Asaf Mozes identified and alerted to a Cross Site Scripting (XSS) vulnerability present in the WordPress Contact Form 7 Plugin. This flaw could enable a malicious individual to inject harmful scripts, such as redirects, advertisements, and various HTML payloads into your website, triggering execution when visitors access your site. The issue has been addressed in version 5.9.2.
Solution:
Update the WordPress Contact Form 7 plugin to the latest available version (at least 5.9.2).