ThreatPress

WordPress Vulnerabilities Database

WordPress Contact Form 7 Plugin <= 3.5.2 - Remote Code Execution

Product
Contact Form 7
Description
This vulnerability allows an attacker with admin access to add an uploader tag to a contact form on the site and use it for code execution (CE) via an arbitrary file upload (AFU) attack.
Solution
Update the plugin.
Classification
Type Arbitrary Code Execution
References
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 3.5.2
Fixed In 3.5.3
Disclosure date
2014-08-01
Credits
MustLive