Redirection for Contact Form 7

Vulnerabilities 25Slug wpcf7-redirectLatest version 3.2.9WordPress.org →

Minimum safe version

3.2.8

Update to 3.2.8 or later to address 25 fixable vulnerabilities

Latest available3.2.9
Medium 6.4
2025-10-18< 3.2.7

Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode

EUVDWordfenceCVE
High 7.5
2025-08-20< 3.2.5

Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization

EUVDWordfenceCVE
High 8.8
2025-08-20< 3.2.5

Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection

EUVDWordfenceCVE
High 8.8
2025-08-20< 3.2.5

WordPress Redirection for Contact Form 7 Plugin <= 3.2.4 is vulnerable to Arbitrary File Deletion

EUVDPatchstackWordfenceCVE
Medium 6.3
2024-10-16< 2.5.0

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE
N/A
2023-07-18< 2.9.2

WordPress Redirection for Contact Form 7 Plugin < 2.9.2 is vulnerable to Cross Site Scripting (XSS)

PatchstackWPScanCVE
N/A
2022-03-04< 2.5.0

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence
N/A
< 2.5.0

Unauthorised AJAX Calls via Freemius

WPScan
N/A
2021-04-20< 2.3.4

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Unprotected AJAX Actions vulnerability

Patchstack
N/A
2021-04-20< 2.3.4

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Authenticated Arbitrary Post Deletion vulnerability

Patchstack
N/A
2021-04-20< 2.3.4

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Authenticated PHP Object Injection vulnerability

Patchstack
N/A
2021-04-20< 2.3.4

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Authenticated Arbitrary Plugin Installation vulnerability

Patchstack
N/A
2021-04-20< 2.3.4

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation vulnerability

Patchstack
N/A
2022-02-28< 2.5.0

WordPress Redirection for Contact Form 7 plugin < 2.5.0 - Sensitive Information Disclosure vulnerability

Patchstack
N/A
2022-02-28< 2.5.0

WordPress Redirection for Contact Form 7 plugin < 2.5.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack