Date: April 7, 2020
WordPress site owners who use the Contact Form 7 Datepicker plugin are forced to remove or deactivate it. In order to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated cross-site scripting (XSS) vulnerability.
However, the Contact Form 7 plugin is completely safe. And it has not affected by the XSS vulnerability identified in Contact Form 7 Datepicker.Plugin no longer available on WordPress Repository
This Contact Form 7 Datepicker plugin has been closed since 1 April 2020 and is not available for download. After Wordfence QA Engineer Ram Gall reported the XSS bug
World of WordPress is hosted by:
While others try to add more components to their hosting to make it go faster, we decided to build our hosting cloud fast from the ground up. We did so by stripping out everything we knew was deadweight.