I doubt very seriously that Contact Form 7 has a CSRF vulnerability (give that about a 1 in 10,000 chance). What is much more likely is the vulnerability scanner is wrong (give that about a 98% chance). Scanners have a high failure/false flag ratio. What you should do is use 2 other scanners that have the capability to check for CSRF vulnerabilities or just assume the scanner is wrong because it is wrong.
↧