High Severity Vulnerability Leads to Closure of Plugin with Over 100,000 Installations On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker , a WordPress plugin installed on over 100,000 sites. As the plugin developer’s github page indicated that the plugin was no longer being maintained, we contacted the WordPress plugins team with our disclosure, and they immediately removed the plugin from the repository for review. We also contacted the plugin’s developer and received a response verifying that they had no plans to maintain it and were satisfied with removing the plugin from the repository. All Wordfence users, including Wordfence free and Wordfence Premium users, are protected from this vulnerability by the Wordfence Firewall’s built-in XSS protection. Nonetheless, we strongly recommend deactivating and removing this plugin. Description : Authenticate...
With over 15 years as a full-stack developer, I excel in PHP, Java, and Bootstrap, serving 5000+ clients on Fiverr and Upwork. I've developed 6000+ websites, CRMs, and plugins, specializing in WordPress and OpenCart. My focus includes user-centric design, SEO, transparent pricing, and meeting deadlines. I also offer technical consulting, hosting advice, and troubleshooting. Check my Fiverr profile at fiverr.com/lalityadavswd1, or contact me on Skype: lalit.yadavswd.