Yesterday, a patch was released for the popular Contact Form 7 plugin that corrects a critical vulnerability allowing unauthenticated visitors to take over a site running the plugin by exploiting an unrestricted file upload bug. The plugin is in use on over 5 million WordPress sites, and around 70% of them have still not been updated and remain at risk of being exploited.
This vulnerability (CVE-2020-35489) was found by the research team at Astra Security Research, and a patch has already been released to fix the flaw, which affects versions 5.3.1 and older.
It is an easily exploitable vulnerability. If you are on our Managed WordPress plan, we have already reviewed and updated this plugin for you, including on sites that were not subscribed to automatic updates. Clients on any of our other hosting platforms should take action immediately and update this plugin. If your site has been exploited and you need help fixing it, we offer a Compromised Site Repair plan that will clean up any exploit and ensure your application remains secure in the future.
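A quick way to confirm whether a site still needs the update is to read the plugin's version header and compare it against the last affected release named above. The script below is an added defender-side check, not code from this post or from the plugin; the default path of the plugin's main file is an assumption, so pass the real path on the command line if your layout differs.

```python
"""Added defender-side check (not page or plugin code): is an installed
Contact Form 7 still on a release affected by CVE-2020-35489 (5.3.1 or older)?"""
import re
import sys
from pathlib import Path

LAST_VULNERABLE = (5, 3, 1)  # highest affected release named in the advisory
# Assumed default location of the plugin's main file; pass a path to override.
DEFAULT_MAIN_FILE = Path("wp-content/plugins/contact-form-7/wp-contact-form-7.php")
# Matches a WordPress plugin header line such as " * Version: 5.3.1".
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE)


def parse_version(text: str) -> tuple:
    """'5.3.1' -> (5, 3, 1); a suffix such as '-beta' is ignored."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def plugin_version_from_header(php_source: str):
    """Return the Version header value of a plugin main file, or None if absent."""
    m = _VERSION_RE.search(php_source)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    """True for 5.3.1 and older; tuple comparison keeps 5.3.10 > 5.3.1."""
    return parse_version(version) <= LAST_VULNERABLE


def assess(php_source: str) -> dict:
    """Summarise one plugin main file: its version and whether it needs the patch."""
    version = plugin_version_from_header(php_source)
    if version is None:
        return {"version": None, "vulnerable": None, "note": "no Version header found"}
    return {"version": version, "vulnerable": is_vulnerable(version)}


# Constructed sample header so the script runs without a WordPress install.
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: Contact Form 7\nVersion: 5.3.1\n*/\n"

if __name__ == "__main__":
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_MAIN_FILE
    source = path.read_text(errors="replace") if path.is_file() else SAMPLE_HEADER
    print(path if path.is_file() else "constructed sample", assess(source))
```

Run it from the WordPress root (or with the path to the plugin's main file as the only argument); a result of `vulnerable: True` means the plugin must be updated before the site is exposed any longer.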
What is Contact Form 7?
Contact Form 7 is a plugin for the popular content management system WordPress. It can manage multiple contact forms, and you can customise each form and its mail content flexibly with simple markup. Forms support Ajax-powered submission, CAPTCHA, Akismet spam filtering and more.