7 Jan 2022

Our Plugin Security Checker Identified an Authenticated Option Update Vulnerability in a WordPress Plugin with 20,000+ Installs

One of the tools we have developed to help keep websites secure from vulnerabilities in WordPress plugins is our Plugin Security Checker, which identifies the possibility of some instances of vulnerabilities in plugins. One way we work to improve the quality of its results is by occasionally checking the results for plugins people are running through it. Through that, we confirmed that the plugin Material Design for Contact Form 7, which has 20,000+ installs, contains a fairly serious type of vulnerability, an authenticated option update vulnerability, though the specifics limit the ability for it to be abused in a non-targeted attack.

The tool identified the following code as possibly vulnerable: