CVE-2026-1540 | Spam Protect for Contact Form 7 Plugin up to 1.2.9 on WordPress code injection (EUVD-2026-18128)

A vulnerability was found in Spam Protect for Contact Form 7 Plugin up to 1.2.9 on WordPress. It has been rated as critical. The impacted element is an unknown function. This manipulation causes code injection.

This vulnerability appears as CVE-2026-1540. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More