Posted on December 18, 2020

Millions of WordPress Sites Running Contact Form 7 Vulnerable to Attack

Yesterday, a patch was released for the popular plugin Contact Form 7 to correct a critical vulnerability that allows unauthenticated visitors to take over a site running the plugin by exploiting an unrestricted file upload bug. The plugin is in use on over 5 million WordPress sites; around 70% still have not been updated and are at risk of being exploited.

This vulnerability (CVE-2020-35489) was found by the research team at Astra Security Research, and a patch has already been released to plug this flaw, which affects versions 5.3.1 and older.

It is an easily exploitable vulnerability. On our Managed WordPress plan, we have reviewed and updated this plugin for clients who were not subscribed to automatic updates. For clients on any of our other hosting platforms, please ensure that action is taken immediately to update this plugin. If your site has been exploited and you need help fixing it, we have a Compromised Site Repair plan and will clean up any exploit and ensure your application remains secure in the future.
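For anyone responsible for more than one site, the following audit script is an added example, not part of the original post or of the plugin. It walks a hosting root and flags every Contact Form 7 install at or below 5.3.1, the last affected version named above. It assumes the default WordPress layout, with the plugin's main file at wp-content/plugins/contact-form-7/wp-contact-form-7.php; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag Contact Form 7 installs
# at or below the last affected version named in the advisory.
LAST_AFFECTED="5.3.1"
# Assumption: default plugin location inside each WordPress install.
CF7_MAIN="wp-content/plugins/contact-form-7/wp-contact-form-7.php"

# Print the value of the plugin's "Version:" header line.
cf7_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed when dotted version $1 <= $2 (numeric compare, field by field).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Walk a hosting root; print STATUS<TAB>VERSION<TAB>SITE_DIR per install.
audit_cf7() {
    find "$1" -type f -path "*/$CF7_MAIN" 2>/dev/null | sort |
    while IFS= read -r main; do
        site="${main%/$CF7_MAIN}"
        ver="$(cf7_version "$main")"
        if [ -z "$ver" ]; then
            # Header missing or unreadable: needs a manual look.
            printf 'UNKNOWN\t-\t%s\n' "$site"
        elif version_le "$ver" "$LAST_AFFECTED"; then
            printf 'VULNERABLE\t%s\t%s\n' "$ver" "$site"
        else
            printf 'OK\t%s\t%s\n' "$ver" "$site"
        fi
    done
}

# Run against a directory given on the command line, e.g. sh audit.sh /var/www
if [ "$#" -gt 0 ]; then audit_cf7 "$1"; fi
```

A VULNERABLE line means the plugin needs updating on that site; an UNKNOWN line means the version header could not be read and the install should be checked by hand.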

What is Contact Form 7

A plugin for the popular content management system WordPress, Contact Form 7 can manage multiple contact forms, and you can customize the form and the mail content flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.
