The Astra Security Research team discovered a high-severity Unrestricted File Upload vulnerability in the WordPress plugin Contact Form 7 5.3.1 and older versions.

The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.

Buy Me A Coffee

By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed upload-able file types on a website. Further, it allows an attacker to inject malicious content such as web shells into the sites that are using the Contact Form 7 plugin version below 5.3.1 and have file upload enabled on the forms.

If you are using the Contact Form 7 plugin version 5.3.1 and below, it is highly recommended to update this WordPress plugin to its latest version i.e. 5.3.2

READ
LockBit Claims Responsibility for London Drugs Ransomware Attack, Threatens Data Release