Contact Form 7 WordPress Plugin Vulnerability (CVE-2020-35489)
Harshit Goyal
AI Cloud Consultant @ E2E Networks - NVIDIA Partners in India | IaaS | Cloud Strategy
In line with industry best practices, and as part of providing the best service to you, we publish security advisories designed to give all our customers timely information.
Threat Summary:
The Contact Form 7 WordPress plugin is prone to an unrestricted file upload vulnerability: because the plugin fails to properly sanitize user-supplied input (the name of an uploaded file), an attacker can upload arbitrary files.
The vulnerability affects Contact Form 7 5.3.1 and older versions. A form submitter can use it to bypass Contact Form 7's filename sanitization and upload a file that can be executed as a script on the host server.
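To make the sanitization gap concrete, the following is an added example in PHP (the plugin's language). It is not code from this advisory or from Contact Form 7: it is a simplified reimplementation of an upload-filename sanitizer with hypothetical function names. The weak version defangs script extensions only when the extension matches a pattern exactly, so a filename whose extension is followed by an invisible character (a tab, a zero-width space) passes through untouched. The hardened version strips Unicode control and separator characters before the check, which to the best of our knowledge is the approach the fixed release took; the plugin's own patched code is not reproduced here.

```php
<?php
// Added example, not code from the E2E advisory or from Contact Form 7 itself.
// Simplified reimplementation of an upload-filename sanitizer; the function
// names are hypothetical. The weak version checks extensions with a regex only.
// The hardened version first strips Unicode control (\pC) and separator (\pZ)
// characters so that the extension check sees the real extension.

const SCRIPT_EXTENSIONS = '/^(php|phtml|pl|py|rb|cgi|asp|aspx)\d?$/i';

/**
 * Defang script-like extensions: an inner script extension gets a trailing
 * underscore, a trailing script extension gets "_.txt" appended.
 */
function sanitize_upload_name_weak(string $filename): string
{
    $filename = basename($filename);
    $parts = explode('.', $filename);
    if (count($parts) < 2) {
        return $filename;                 // no extension at all
    }
    $name = array_shift($parts);
    $ext  = array_pop($parts);
    foreach ($parts as $part) {           // inner extensions, e.g. the "php" in "x.php.jpg"
        $name .= '.' . $part . (preg_match(SCRIPT_EXTENSIONS, $part) ? '_' : '');
    }
    // Trailing extension: an invisible character after "php" defeats this regex,
    // because "php" followed by a tab is not "php".
    return $name . '.' . $ext . (preg_match(SCRIPT_EXTENSIONS, $ext) ? '_.txt' : '');
}

/** Same policy, but invisible characters are removed before the extension check. */
function sanitize_upload_name_hardened(string $filename): string
{
    $filename = basename($filename);
    // Remove Unicode control and separator characters (needs the /u flag).
    $filename = preg_replace('/[\pC\pZ]+/u', '', $filename);
    if ($filename === null || $filename === '') {
        return 'upload';                  // invalid UTF-8, or nothing left: fixed safe name
    }
    return sanitize_upload_name_weak($filename);
}

// Constructed sample filenames; the last two carry a tab and a zero-width space.
$samples = [
    'report.pdf',
    'shell.php',
    'shell.php.jpg',
    "shell.php\t",
    "shell.php\u{200B}",
];

foreach ($samples as $s) {
    printf("%-26s weak: %-22s hardened: %s\n",
        json_encode($s),
        json_encode(sanitize_upload_name_weak($s)),
        json_encode(sanitize_upload_name_hardened($s)));
}
```

Whether a stored name such as `shell.php` plus a control character is then executed as PHP depends on the web server's handler mapping and the filesystem, so the example demonstrates the sanitizer's gap, not a guaranteed code-execution path. The defence is the same either way: normalize the name before deciding whether its extension is dangerous.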
Impact:
Vulnerable Versions:
Contact Form 7 - 5.3.1 and older versions
Note: Sites running Contact Form 7 without its file upload functionality (no file upload field in any form) are not vulnerable.
How to Protect Yourself:
Update to plugin version 5.3.2 or later.
If you have BitNinja installed on your servers, enable the WAF 2.0 module in the dashboard.
If you have not installed BitNinja on your E2E servers, you can install it on running nodes; see the linked guide for the steps.
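As an added check (example script, not part of this advisory or of Contact Form 7), the following determines from the plugin's header whether an installed copy predates 5.3.2. It assumes the standard plugin path `wp-content/plugins/contact-form-7/wp-contact-form-7.php` under the WordPress root; the plugin headers it runs against here are constructed inline so the script works offline.

```sh
#!/bin/sh
# Added example, not part of the E2E advisory or of Contact Form 7. It reads the
# "Version:" header of a WordPress plugin's main file and reports whether the
# installed Contact Form 7 predates 5.3.2, the first release with the fix.

FIXED_VERSION="5.3.2"
# Default location of the plugin's main file under a WordPress install.
CF7_MAIN_FILE="wp-content/plugins/contact-form-7/wp-contact-form-7.php"

# Print the value of the "Version:" header in the plugin main file $1.
plugin_version() {
    sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*//p' "$1" |
        head -n 1 | tr -d '[:space:]'
}

# Exit 0 when version $1 sorts strictly before version $2 (dotted numeric compare).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai < bi) exit 0
            if (ai > bi) exit 1
        }
        exit 1
    }'
}

# Print "VULNERABLE <v>", "OK <v>" or "UNKNOWN" for the plugin file $1.
# Exit status: 0 = patched, 1 = vulnerable, 2 = header not readable.
check_cf7() {
    v=$(plugin_version "$1" 2>/dev/null)
    if [ -z "$v" ]; then
        echo "UNKNOWN"; return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE $v"; return 1
    fi
    echo "OK $v"; return 0
}

# Write a constructed plugin header with version $1 to a temp file; print its path.
sample_plugin_file() {
    f=$(mktemp)
    cat > "$f" <<EOF
<?php
/*
Plugin Name: Contact Form 7
Plugin URI: https://contactform7.com/
Version: $1
*/
EOF
    echo "$f"
}

# Demo against constructed headers. On a real host run:
#   check_cf7 "$WP_ROOT/$CF7_MAIN_FILE"
for ver in 5.3.1 5.3.2 5.10; do
    f=$(sample_plugin_file "$ver")
    check_cf7 "$f" || true
    rm -f "$f"
done
```

Where WP-CLI is available, `wp plugin get contact-form-7 --field=version` reports the same number. The version check complements the note above: a site whose forms have no file upload field was not exposed even on 5.3.1, but updating is still the right fix.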
How to resolve this Contact Form 7 vulnerability:
We at E2E Networks always encourage our customers to follow security best practices: keep systems updated, protected, and patched against known vulnerabilities.
Offensive Security | Penetration Tester | CEH (practical)
11 months: Hello sir, I have found this (CVE-2020-35489) with an automatic scanner, but how can I reproduce this vulnerability?