WordPress Plugin Bug Can Be Used to Create Rogue Admins

Author: ZoneWP

Date: April 7, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

WordPress site owners who use the Contact Form 7 Datepicker plugin are forced to remove or deactivate it in order to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated cross-site scripting (XSS) vulnerability.

However, the Contact Form 7 plugin itself is completely safe and is not affected by the XSS vulnerability identified in Contact Form 7 Datepicker.

Plugin no longer available on WordPress Repository

This Contact Form 7 Datepicker plugin has been closed since 1 April 2020 and is not available for download. After Wordfence QA Engineer Ram Gall reported the XSS bug

