Hackers May Already Be Targeting This Authenticated Persistent XSS Vulnerability in Live Preview for Contact Form 7
To make sure we are providing customers of our service with the best possible data on vulnerabilities in the WordPress plugins they may be using, we monitor for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. Today there was probing on our website for the plugin Live Preview for Contact Form 7, in the form of requests for these files:
- /wp-content/plugins/cf7-live-preview/assets/js/cf7-live-preview.js
- /wp-content/plugins/cf7-live-preview/assets/css/cf7-live-preview.css
- /wp-content/plugins/cf7-live-preview/README.txt
Like the previous plugins we discussed this week that look to be part of the same campaign, this plugin also contains an authenticated persistent cross-site scripting (XSS) vulnerability, so that would be a likely target for the hacker.
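To check whether your own site has seen the same probing, the added example below (not code from the original post) scans web server access log lines for requests to the three files listed above and records the response status each client received. It assumes the common/combined log format; the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths the post reports being requested during the probing.
PROBED_PATHS = {
    "/wp-content/plugins/cf7-live-preview/assets/js/cf7-live-preview.js",
    "/wp-content/plugins/cf7-live-preview/assets/css/cf7-live-preview.css",
    "/wp-content/plugins/cf7-live-preview/README.txt",
}

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_probes(lines):
    """Return {client_ip: {path: status}} for requests to the probed files."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string, decode %-escapes and collapse repeated
        # slashes so trivially varied requests still match.
        path = re.sub(r"/{2,}", "/", unquote(m["target"].split("?", 1)[0]))
        if path in PROBED_PATHS:
            hits.setdefault(m["ip"], {})[path] = int(m["status"])
    return hits

def exposed_paths(hits):
    """Probed files served with a 200, i.e. the plugin's files exist on the site."""
    return sorted({p for paths in hits.values()
                   for p, status in paths.items() if status == 200})

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
BASE = "/wp-content/plugins/cf7-live-preview"
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET {BASE}/assets/js/cf7-live-preview.js HTTP/1.1" 200 1834 "-" "-"',
    f'203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET {BASE}/assets/css/cf7-live-preview.css HTTP/1.1" 200 912 "-" "-"',
    f'203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /{BASE}/README.txt?ver=1 HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-content/plugins/contact-form-7/readme.txt HTTP/1.1" 200 4096 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    probes = find_probes(SAMPLE_LOG)
    for ip, paths in probes.items():
        print(ip, paths)
    print("exposed:", exposed_paths(probes))
```

A client that requests all three files in quick succession matches the pattern described in the post, and any path reported by `exposed_paths` means the plugin's files are present and readable on the site.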