CVE-2014-2265: Contact Form 7 3.7.2
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
Contact Form 7 3.7.2 has just been released. This release includes a fix for a bug that allowed CAPTCHA validation to be bypassed. Upgrading quickly is recommended, especially if you have CAPTCHAs in forms.
Requires: WordPress 3.6 or higher
Tested up to: WordPress 3.8.1
» Download Contact Form 7 plugin from WordPress.org
Change Log
- Fixed a bug that allowed CAPTCHA validation to be bypassed.
- The jQuery Form Plugin (jquery.form.js) has been updated to 3.50.0.
- Translation for Dutch (Tim de Hoog) has been updated.
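The CVE description above says the CAPTCHA check is skipped when the challenge parameter is left out of the request. The following added example (not Contact Form 7's own code) models one way that pattern arises and the fail-closed alternative; the function names, the token store and the sample submissions are assumptions made for illustration, and only the parameter name comes from the advisory.

```php
<?php
// Added illustration, not Contact Form 7 source; function names are hypothetical.
const CHALLENGE_PREFIX = '_wpcf7_captcha_challenge_';

// Constructed server-side store: issued challenge token => expected answer.
$issued = ['tok-1234' => 'XK7Q'];

// Fail-open: the check runs only when the challenge parameter is present,
// so a request that leaves it out is never validated.
function validate_fail_open(array $post, string $field, array $issued): bool
{
    $key = CHALLENGE_PREFIX . $field;
    if (!isset($post[$key])) {
        return true; // nothing to check, treated as valid: this is the flaw
    }
    return validate_fail_closed($post, $field, $issued);
}

// Fail-closed: the server-side form definition says $field is a CAPTCHA,
// so a missing, malformed or unknown challenge is a validation failure.
function validate_fail_closed(array $post, string $field, array $issued): bool
{
    $token  = $post[CHALLENGE_PREFIX . $field] ?? null;
    $answer = $post[$field] ?? null;
    if (!is_string($token) || !is_string($answer) || !isset($issued[$token])) {
        return false;
    }
    return hash_equals($issued[$token], strtoupper($answer));
}

// Constructed submissions for a form whose CAPTCHA field is "captcha-719".
$submissions = [
    'complete'          => [CHALLENGE_PREFIX . 'captcha-719' => 'tok-1234', 'captcha-719' => 'xk7q'],
    'wrong answer'      => [CHALLENGE_PREFIX . 'captcha-719' => 'tok-1234', 'captcha-719' => 'nope'],
    'challenge omitted' => ['your-message' => 'hello'],
];

foreach ($submissions as $label => $post) {
    printf(
        "%-18s fail-open=%-5s fail-closed=%s\n",
        $label,
        var_export(validate_fail_open($post, 'captcha-719', $issued), true),
        var_export(validate_fail_closed($post, 'captcha-719', $issued), true)
    );
}
```

Both validators agree on the complete and wrong-answer submissions; they differ only on the one without the challenge parameter, which the fail-closed version rejects because the decision to validate comes from the server-side form definition rather than from the request.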