The CAPTCHA system made use of the internal PHP random function mt_rand() when determining which CAPTCHA to phrases to present. With this new improvement, the CAPTCHA system instead makes use of the WordPress-specific wp_rand() function, which utilizes different randomization algorithms, making the CAPTCHA system much harder to predict.
This vulnerability affects the following application versions:
- Contact Form 7 3.6
- Contact Form 7 3.7
- Contact Form 7 3.7.1
- Contact Form 7 3.7.2
- Contact Form 7 3.8
- Contact Form 7 3.8.1
- Contact Form 7 3.9
- Contact Form 7 3.9.1
- Contact Form 7 3.9.2
- Contact Form 7 3.9.3
- Contact Form 7 3.9-beta
- Contact Form 7 4.0
- Contact Form 7 4.0.1
- Contact Form 7 4.0.2
- Contact Form 7 4.0.3
- Contact Form 7 4.1
- Contact Form 7 4.1-beta