Primary

Context

NYSL Spam Protect for Contact Form 7 Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the NYSL Spam Protect for Contact Form 7 plugin, specifically in versions through 1.2.9. This vulnerability allows for improper limitation of a pathname, potentially leading to arbitrary file deletion on the affected WordPress site.

Impact

Exploitation of this vulnerability could result in arbitrary file deletion, allowing a malicious actor to remove files from the website. Deleting core files could disrupt the site's functionality.

Remediation

Users of the NYSL Spam Protect for Contact Form 7 plugin should update to version 1.2.10 or later. Patchstack users can enable auto-updates for vulnerable plugins.

Added: Mar 25, 2026, 6:53 PM

Updated: Mar 25, 2026, 6:53 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

5.2

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

5.2

remediation

0.0

relevance

4.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NYSL Spam Protect for Contact Form 7 Path Traversal Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating