NextGuard
UNKNOWNCVE-2026-1540

Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution

Platform

wordpress

Component

spam-protect

Fixed in

1.2.10

View on NVD

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header

How to fix

Actualice el plugin Spam Protect for Contact Form 7 a la versión 1.2.10 o superior. Esto solucionará la vulnerabilidad de ejecución remota de código. Si no puede actualizar inmediatamente, considere desactivar el plugin temporalmente.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free