Title: Security warning Last modified: January 6, 2026 --- # Security warning * Resolved [awr10e](https://wordpress.org/support/users/awr10e/) * (@awr10e) * [5 months, 1 week ago](https://wordpress.org/support/topic/security-warning-25/) * Hi * My security plugin is reporting a vulnerability found on the plugin * [https://patchstack.com/database/wordpress/plugin/accept-stripe-payments-using-contact-form-7/vulnerability/wordpress-accept-stripe-payments-using-contact-form-7-plugin-3-1-reflected-cross-site-scripting-via-failure-message-vulnerability](https://patchstack.com/database/wordpress/plugin/accept-stripe-payments-using-contact-form-7/vulnerability/wordpress-accept-stripe-payments-using-contact-form-7-plugin-3-1-reflected-cross-site-scripting-via-failure-message-vulnerability) * There is also still the open PHP session issue that was raised over 5 months ago. * [https://wordpress.org/support/topic/active-php-session-was-detected-critical-warning/](https://wordpress.org/support/topic/active-php-session-was-detected-critical-warning/) * Thanks Viewing 6 replies - 1 through 6 (of 6 total) * [zealsupport](https://wordpress.org/support/users/zealsupport/) * (@zealsupport) * [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18777197) * Hello [@awr10e](https://wordpress.org/support/users/awr10e/) * The reported security issue has already been fixed in version 3.2. * We will continue to monitor and check the session handling. * If you have any questions or need further clarification, please feel free to ask—I’m available to help. * Thank you, ZealousWeb * Thread Starter [awr10e](https://wordpress.org/support/users/awr10e/) * (@awr10e) * [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18777810) * It must have been an old notification as I’m already on 3.2 (strange) its not reporting the issue anymore. * the PHP session issue is reported in Site Health * An active PHP session was detectedPerformance * A PHP session was created by a `session_start()` function call. This interferes with REST API and loopback requests. The session should be closed by `session_write_close()` before making any HTTP requests. * [zealsupport](https://wordpress.org/support/users/zealsupport/) * (@zealsupport) * [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18778571) * Hello [@awr10e](https://wordpress.org/support/users/awr10e/) , * Thank you for the update. * Yes, you’re correct, it does appear that the earlier notification may have been from an older version, as version 3.2 is already installed and the issue is no longer being reported in that context. * Regarding the PHP session warning shown under **Site Health** (“An active PHP session was detected”), we are aware of this behavior. The session is triggered by a `session_start()` call, and we understand that it can interfere with REST API and loopback requests if not properly closed. * Please rest assured that **we are actively working on this issue**, and it will be addressed in an upcoming update to ensure better compatibility with Site Health and caching mechanisms. * Thank you for your patience and for bringing this to our attention. * Thank you ZealousWeb * [zealsupport](https://wordpress.org/support/users/zealsupport/) * (@zealsupport) * [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18778848) * Hello [@awr10e](https://wordpress.org/support/users/awr10e/) , * Thank you for your patience. * We’re happy to inform you that the reported PHP session issue has been fixed in version 3.3. Please update the plugin to the latest version and let us know if everything works as expected on your end. * If you find the plugin helpful, we’d really appreciate it if you could take a moment to leave us a review. Your feedback helps us improve and support the plugin better. * Thanks again for your support. * Thank you, ZealousWeb * Thread Starter [awr10e](https://wordpress.org/support/users/awr10e/) * (@awr10e) * [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18778913) * Thanks, I can confirm the PHP session warning has disappeared from Site Health * [zealsupport](https://wordpress.org/support/users/zealsupport/) * (@zealsupport) * [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18778933) * Hello [@awr10e](https://wordpress.org/support/users/awr10e/) * Thank you so much for the kind words and for confirming that the PHP session warning has disappeared from Site Health. * If possible, we’d really appreciate it if you could take a moment to leave a review for the plugin. Your feedback means a lot to us and helps other users make informed decisions. * Thanks again for your support. * Thank you, ZealousWeb - This reply was modified 5 months ago by [zealsupport](https://wordpress.org/support/users/zealsupport/). Viewing 6 replies - 1 through 6 (of 6 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-warning-25%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/accept-stripe-payments-using-contact-form-7/assets/Icon- 256x256.png?rev=3239282) * [Accept Stripe Payments Using Contact Form 7](https://wordpress.org/plugins/accept-stripe-payments-using-contact-form-7/) * [Frequently Asked Questions](https://wordpress.org/plugins/accept-stripe-payments-using-contact-form-7/#faq) * [Support Threads](https://wordpress.org/support/plugin/accept-stripe-payments-using-contact-form-7/) * [Active Topics](https://wordpress.org/support/plugin/accept-stripe-payments-using-contact-form-7/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/accept-stripe-payments-using-contact-form-7/unresolved/) * [Reviews](https://wordpress.org/support/plugin/accept-stripe-payments-using-contact-form-7/reviews/) * 6 replies * 2 participants * Last reply from: [zealsupport](https://wordpress.org/support/users/zealsupport/) * Last activity: [5 months ago](https://wordpress.org/support/topic/security-warning-25/#post-18778933) * Status: resolved