Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload

Astra Security

3 years ago

5,412 views

Before you start reading the description, please log in to your WordPress Admin panel & update all the plugins.

Contact Form 7 versions 5.3.1 and below were found to be vulnerable to unrestricted file upload.

This issue has been reported by security researchers at Astra Security.

By exploiting this vulnerability, attackers could upload files of any type, bypassing the restrictions a website places on which file types may be uploaded.

Contact Form 7 released a fix on December 17, 2020, in version 5.3.2.
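A quick way to confirm which sites still run an affected release, shown here as an added example (not code from Astra Security or the Contact Form 7 project): it reads the plugin header and compares the version against 5.3.2. The plugin path `wp-content/plugins/contact-form-7/wp-contact-form-7.php` is assumed to be the default install location, and the sample installs are constructed in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 3, 2)  # first fixed release, per the advisory above
# Assumption: default plugin directory and main file name for Contact Form 7.
PLUGIN_FILE = Path("wp-content/plugins/contact-form-7/wp-contact-form-7.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)

def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = VERSION_RE.search(text[:8192])  # WordPress reads only the first 8 KB
    if not m:
        return None
    parts = [int(p) for p in m.group(1).strip(".").split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "5.3" -> (5, 3, 0)

def audit(wp_root):
    """Classify one WordPress root: not-installed, unknown, vulnerable or fixed."""
    path = Path(wp_root) / PLUGIN_FILE
    if not path.is_file():
        return "not-installed"
    version = parse_version(path.read_text(encoding="utf-8", errors="replace"))
    if version is None:
        return "unknown"  # header missing or edited: inspect by hand
    return "vulnerable" if version < FIXED else "fixed"

def demo():
    """Build constructed sample installs in a temp dir and audit each one."""
    samples = [("old", "5.3.1"), ("new", "5.3.2"), ("short", "5.3"), ("none", None)]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples:
            root = Path(tmp) / name
            if ver is not None:
                f = root / PLUGIN_FILE
                f.parent.mkdir(parents=True)
                f.write_text(f"<?php\n/*\nPlugin Name: Contact Form 7\nVersion: {ver}\n*/\n")
            else:
                root.mkdir()
            results[name] = audit(root)
    return results

if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{site}: {status}")
```

Call `audit()` with the path to each WordPress root on a host; a result of `unknown` means the header could not be parsed and the install should be checked by hand.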

About Contact Form 7
Contact Form 7 is one of the most popular WordPress plugins that allows its users to add multiple contact forms on their site. The plugin currently has over 5 million active installations. So, any vulnerability in this plugin puts millions of websites at risk of being compromised.

Useful links -

An official update from the Contact Form 7 team - https://contactform7.com/2020/12/17/contact-form-7-532/#more-38314

Detailed description of the issue - https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/
Astra's WordPress Firewall to secure your site from Zero day exploits & vulnerabilities - https://www.getastra.com/wordpress-firewall


Comments:

Muhammad Elgllad - 04.03.2022 02:11

Where can I find the exploit?

Qwerty1337 - 25.12.2020 05:05

Guud joob
~Cxsecurity

maul - 22.12.2020 10:57

Exploit plz

Humberto Santos - 19.12.2020 02:43

Exploit plz!

adiabo reha - 18.12.2020 06:14

exploit plz :'(
