CVE-2021-24278 Scanner

Query Solutions Redirection for Contact Form 7 is a popular WordPress plugin, used by many website administrators to redirect visitors to pages or URLs of their choice after filling out a contact form. The plugin is designed to help website owners improve customer engagement and increase conversions by redirecting visitors to relevant pages, such as thank you pages, after a successful form submission. 

However, the plugin was recently found to have a critical vulnerability, identified as CVE-2021-24278. This vulnerability allows unauthenticated users to retrieve a valid nonce for any WordPress action/function, using the wpcf7r_get_nonce AJAX action. Once this vulnerability is exploited, an attacker can gain access to sensitive information, modify website content, or even take over the entire website. 

If left unpatched, this vulnerability can lead to serious consequences for website owners, such as damage to their online reputation, loss of business, or even legal liabilities. It is therefore crucial to take steps to protect against this vulnerability and secure your website from potential attacks. 

At s4e.io, we offer pro features that can help you quickly and easily learn about vulnerabilities in your digital assets. Our platform provides comprehensive vulnerability scanning and reporting, helping you to stay one step ahead of threats and secure your digital assets from attack. With our advanced features and expert support, you can achieve a high level of security confidence and ensure your website remains secure from potential attacks.

REFERENCES

• https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
• https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/