100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […]

The post 100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack appeared first on Security Affairs.