Contact Form 7 have published a critical security update for their Wordpress plugin.
All versions up to and including 5.3.1 are vulnerable.
Contact Form 7 version 5.3.2 fixes the issue, but requires Wordpress 5.4 or newer. We list alternative solutions for Contact Form 7 users below:
- Update WordPress to 5.6 and Contact Form 7 to 5.3.2
- Uninstall and delete Contact Form 7