PT-2021-15822 · WordPress · Redirection For Contact Form 7

Chloe Chamberland · Published 2021-05-14 · Updated 2021-05-17 · CVE-2021-24282

CVSS v2.0: 6.5 (Medium) · Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 versions prior to 2.3.4

Description: The issue allows any authenticated user, such as a subscriber, to call various AJAX actions within the plugin. This enables an attacker to perform several actions, for example, using wpcf7r reset settings to reset the plugin's settings or wpcf7r add action to add actions to a form.

Recommendations: For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions wpcf7r reset settings and wpcf7r add action to prevent unauthorized modifications.
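The flaw class described above is an admin-ajax handler that is reachable by every logged-in user because WordPress fires wp_ajax_{action} for any authenticated session, and the handler never checks a capability. The following is an added example written for this page, not code from the Redirection for Contact Form 7 plugin: it shows a hypothetical handler with that defect, a hardened version with nonce and capability checks, and a site-level guard of the kind the "restrict access" workaround refers to. All action names, the option key and the capability are placeholders.

```php
<?php
/**
 * Added example, not the plugin's code. Action names, the option key and the
 * capability used below are hypothetical placeholders.
 */

// --- Vulnerable pattern: reachable by any logged-in user --------------------
// wp_ajax_{action} fires for every authenticated user, subscribers included.
// With no capability check, being logged in is the only requirement, which is
// the "incorrect authorization" class of defect: authentication is treated as
// authorization.
add_action( 'wp_ajax_example_reset_settings_insecure', 'example_reset_settings_insecure' );
function example_reset_settings_insecure() {
    delete_option( 'example_plugin_settings' ); // privileged state change
    wp_send_json_success( 'settings reset' );
}

// --- Hardened pattern -------------------------------------------------------
add_action( 'wp_ajax_example_reset_settings', 'example_reset_settings' );
function example_reset_settings() {
    // 1. CSRF protection: the caller must present a nonce created with
    //    wp_create_nonce( 'example_reset' ) in the 'nonce' request field.
    check_ajax_referer( 'example_reset', 'nonce' );

    // 2. Authorization: the caller must hold an administrative capability.
    //    This is the check the vulnerable handler above lacks.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    delete_option( 'example_plugin_settings' );
    wp_send_json_success( 'settings reset' );
}

// --- Site-level guard (the "restrict access" workaround) --------------------
// Placed in a mu-plugin, this denies a list of admin-ajax actions to users
// without the capability, without editing plugin code. admin-ajax.php runs
// do_action( 'admin_init' ) before dispatching wp_ajax_{action} hooks, so the
// guard executes first.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return;
    }
    // Placeholder action names; substitute the plugin's real action names.
    $restricted = array( 'example_reset_settings_insecure', 'example_add_action' );
    $action     = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( in_array( $action, $restricted, true ) && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
} );
```

The nonce check alone would not have closed this issue: a subscriber can obtain a valid nonce for their own session, so the capability check is the control that actually enforces who may change plugin state. The mu-plugin guard is a stopgap for sites that cannot update immediately; updating to 2.3.4 or later remains the fix.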

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2021-24282

Affected Products: Redirection For Contact Form 7