WordPress plugin with 5 million installs has a critical vulnerability

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch.

The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.

Unrestricted file upload

This week, Contact Form 7 project has disclosed an unrestricted file upload vulnerability (CVE pending) in the WordPress plugin that can allow an attacker to bypass Contact Form 7’s filename sanitization protections when uploading files.

An attacker can upload a crafted file with arbitrary code…

More Info

About mblog.my

Check Also

Elementary Digital named a WordPress VIP agency partner

WordPress VIP, a leading provider of enterprise WordPress, has added Elementary Digital to its Featured …

Leave a Reply

Your email address will not be published. Required fields are marked *