Support » Plugin: Contact Form 7 » SQL Injection Problem with Contact Form 7?

Viewing 2 replies - 1 through 2 (of 2 total)
  • pluginvulnerabilities

    (@pluginvulnerabilities)

    The post you are linking to, which is from our website, relates to a vulnerability that had previously been in the plugin Save Contact Form 7, not Contact Form 7.

    If a website has been hacked through a plugin there should be evidence in log file(s) of HTTP activity, so that is what you would want to be reviewing to determine the source of the hack.

    Thanks for your reply and clarification. With 5 million installs it is good to know that the SQL injection vulnerability wasn’t with Contact Form 7 itself. We’ll have to dig deeper to try to identify how the code was injected throughout the site.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.