WordPress site owners who use the Contact Form 7 Datepicker plugin are forced to remove or deactivate it. In order to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated cross-site scripting (XSS) vulnerability.
However, the Contact Form 7 plugin is completely safe. And it has not affected by the XSS vulnerability identified in Contact Form 7 Datepicker.
Plugin no longer available on WordPress Repository
This Contact Form 7 Datepicker plugin has been closed since 1 April 2020 and is not available for download. After Wordfence QA Engineer Ram Gall reported the XSS bug
World of WordPress is hosted by:
With Rocket, your websites will be blazing fast, always protected, and supported 24/7 by our experts with over 17 years of experience.