Certain sections of the codebase utilized the esc_url_raw() function where the esc_url() function should have been used instead. Potentially leading to unsanitized output.
This vulnerability affects the following application versions:
- Contact Form 7 3.6
- Contact Form 7 3.7
- Contact Form 7 3.7.1
- Contact Form 7 3.7.2
- Contact Form 7 3.8