Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload
- 3 years ago
Before you start reading the description, please log in to your
WordPress Admin panel & update all the plugins.
Contact Form 7 version 5.3.1 and below were found to be
vulnerable to unrestricted file upload vulnerability.
This issue has been reported by security researchers at Astra
Security.
By exploiting this vulnerability, attackers could simply upload
files of any type, bypassing all restrictions placed regarding
the allowed uploadable file types on a website.
Contact Form 7 has released a fix on December 17, 2020, with
About Contact Form 7
Contact Form 7 is one of the most popular WordPress
plugins that allows its users to add multiple contact forms in their site. The plugin currently has over 5 million active installations. So, any vulnerability in this plugin puts millions of websites at risk of being compromised.
Link: https://contactform7.com/2020/12/17/contact-form-7-532/#more-38314
WordPress Admin panel & update all the plugins.
Contact Form 7 version 5.3.1 and below were found to be
vulnerable to unrestricted file upload vulnerability.
This issue has been reported by security researchers at Astra
Security.
By exploiting this vulnerability, attackers could simply upload
files of any type, bypassing all restrictions placed regarding
the allowed uploadable file types on a website.
Contact Form 7 has released a fix on December 17, 2020, with
About Contact Form 7
Contact Form 7 is one of the most popular WordPress
plugins that allows its users to add multiple contact forms in their site. The plugin currently has over 5 million active installations. So, any vulnerability in this plugin puts millions of websites at risk of being compromised.
Link: https://contactform7.com/2020/12/17/contact-form-7-532/#more-38314