A security bug in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites, could allow for malicious JavaScript injection on a victim website. The latest WordPress plugin security vulnerability is a cross-site request forgery (CSRF) to stored cross-site scripting (XSS) problem in Contact Form 7 Style, which is an add-on to the well-known Contact Form 7 umbrella plugin.
Read full article on Threat Post