WordPress plugin with 5 million installs has a critical vulnerability

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch.

The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.

Unrestricted file upload

This week, Contact Form 7 project has disclosed an unrestricted file upload vulnerability (CVE pending) in the WordPress plugin that can allow an attacker to bypass Contact Form 7’s filename sanitization protections when uploading files.

An attacker can upload a crafted file with arbitrary code…


More Info

About mblog.my

Check Also

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Using WordPress blocks and the Site Editor to quickly build a lookalike of one of …

Leave a Reply

Your email address will not be published. Required fields are marked *