ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Creative Contact Form Plugin - Shell Upload

Product
Creative Contact Form
Description
This Creative Contact Form plugin is prone to a shell upload vulnerability, in which the administrator or author could upload shell script, in the other words, default settings.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
CVE
Name CVE-2014-8739
Versions
Affected In <= 0.9.7
Fixed In 0.9.8
Disclosure date
2014-10-25
Credits
Claudio Viviani