ThreatPress

WordPress Vulnerability Database

Back

WordPress Contact Form 7 plugin <= 5.3.1 - Unrestricted File Upload vulnerability

Product
Contact Form 7
Description
Unrestricted File Upload vulnerability found by Jinson Varghese Behanan in WordPress Contact Form 7 plugin (versions <= 5.3.1).
Solution
Update the WordPress Contact Form 7 plugin to the latest available version (at least 5.3.2).
Classification
Type Arbitrary File Upload
OWASP Top 10 A5: Security Misconfiguration
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 5.3.1
Fixed In 5.3.2
Disclosure date
2020-12-17
Credits
Jinson Varghese Behanan