The wpcf7_contact_form GET parameter is vulnerable to SQL injection when submitting a filter request as a high privilege user (admin+) Edit (WPScanTeam) September 28th, 2020 - Escalated to WP & WP Investigating October 26th, 2020 - Received another submission related a SQL injection in the same parameter but with a different vector: https://wpscan.com/vulnerability/0c3a91d4-a75a-4107-bfc5-015590a72abe January 3rd, 2021 - No updates, disclosing
The PoC will be displayed once the issue has been remediated