CF7 ChatWork Plugin Vulnerability

MEDIUM (4.4) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Contact Form 7 with ChatWork is a widely used WordPress plugin that allows users to integrate their contact forms with the ChatWork service. The plugin does not properly sanitize user input, which allows an attacker to inject malicious scripts into the settings page.

Am I affected?

You're affected if you use Contact Form 7 with ChatWork. The advisory does not state which specific versions are affected.

Affected Products

Automattic / Contact Form 7 with ChatWork

How to fix

To fix this vulnerability, upgrade the Contact Form 7 with ChatWork plugin to version 1.2.0 or later. You can download the latest version from the WordPress Plugin Directory.

Immediate mitigations:

  • Restrict network access to your WordPress installation (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation