WordPress Plugin Bug Can Be Used to Create Rogue Admins

Author: ZoneWP

Date: April 7, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

WordPress site owners who use the Contact Form 7 Datepicker plugin are forced to remove or deactivate it in order to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated cross-site scripting (XSS) vulnerability.

However, the Contact Form 7 plugin itself is completely safe and is not affected by the XSS vulnerability identified in Contact Form 7 Datepicker.

Plugin no longer available on WordPress Repository

The Contact Form 7 Datepicker plugin has been closed since 1 April 2020 and is not available for download. After Wordfence QA Engineer Ram Gall reported the XSS bug

This is the first part of the original article by ZoneWP.