Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution

Description

A vulnerability was found in Spam Protect for Contact Form 7 Plugin up to 1.2.9 on WordPress. It has been rated as critical. The impacted element is an unknown function. This manipulation causes code injection. This vulnerability appears as CVE-2026-1540. The attack may be initiated remotely.

Affected Products

Vendor	Product	Versions
unknown	spam protect for contact form	0, 1.2.9

References

https://wpscan.com/vulnerability/ad00d1bb-ea8d-44a3-9064-6412804d9e95/(exploit, vdb-entry, technical-description)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-1540 | Spam Protect for Contact Form 7 Plugin up to 1.2.9 on WordPress code injection (EUVD-2026-18128)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.2.10

PublishedApr 2, 2026

Last enriched2h agov2

Trending Score30

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated description with new technical details, changed severity to CRITICAL, and updated affected versions to include 1.2.9.

descriptionaffectedVersionsseverity

via VulDB

v14h ago

Initial creation