Security Advisory

CVE-2026-1540

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-02 06:00:10

Last updated 2026-04-02 13:13:54

Assigner WPScan

State PUBLISHED

Description

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header

← Browse all CVEs View on cve.org ↗