The Astra Security Research team discovered a high-severity Unrestricted File Upload vulnerability in the WordPress plugin Contact Form 7 5.3.1 and older versions.
The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.
By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website. Further, it allows an attacker to inject malicious content such as web shells into the sites that are using the Contact Form 7 plugin version below 5.3.1 and have file upload enabled on the forms.
If you are using the Contact Form 7 plugin version 5.3.1 and below, it is highly recommended to update this WordPress plugin to its latest version i.e. 5.3.2
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.