Contact Form 7 WordPress Plugin Vulnerability (CVE-2020-35489)
Roshni Singh
Cloud Evangelist | Empowering your business with the right cloud strategy |
In line with industry best practices and our commitment to providing the best service to you, we publish security advisories that give all our customers timely information.
Threat Summary:
The WordPress plugin Contact Form 7 is prone to a vulnerability that lets attackers upload arbitrary files, because the application fails to properly sanitize user-supplied input.
An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions. By exploiting this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization and upload a file that can be executed as a script file on the host server.
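The core defensive lesson of this advisory is that an upload filter must decide what a file is allowed to be, not merely strip characters it dislikes. The following is an added illustration, written for this advisory and not code from the Contact Form 7 plugin or from BitNinja: a strict, allow-list based filename check of the kind a site could apply on top of any form plugin, followed by a storage-name generator that never reuses the submitter's name on disk. The extension lists are constructed for the example and should be adjusted per site.

```python
import re
import secrets
import unicodedata
from pathlib import PurePosixPath
from typing import Tuple

# Constructed allow list: the only extensions a contact form on this site may accept.
ALLOWED_EXTENSIONS = {"pdf", "jpg", "jpeg", "png", "gif", "txt", "docx"}

# Constructed deny list: extensions a web server may hand to an interpreter.
# These are rejected wherever they appear in the name, not only as the final extension.
SCRIPT_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "cgi", "pl", "py", "sh", "jsp", "asp", "aspx",
}

# Characters permitted in a submitted filename (allow list, not a blacklist).
_SAFE_CHARS = re.compile(r"^[A-Za-z0-9._-]+$")


def validate_upload_filename(name: str) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only if every check passes.

    The checks are ordered so that the most dangerous inputs are rejected
    outright rather than "cleaned": control characters and script extensions
    are refused, never stripped, because stripping is what a bypass targets.
    """
    # 1. Discard any path component the client may have sent; only the base name matters.
    base = PurePosixPath(name.replace("\\", "/")).name
    if not base or base in (".", ".."):
        return False, "empty or path-only name"

    # 2. Refuse control / non-printable characters (Unicode category C*) outright.
    if any(unicodedata.category(ch).startswith("C") for ch in base):
        return False, "control character in filename"

    # 3. Allow-list the remaining characters.
    if not _SAFE_CHARS.match(base):
        return False, "disallowed character in filename"

    # 4. Examine every extension segment, not just the last one.
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no extension or leading dot"
    segments = parts[1:]
    if any(seg in SCRIPT_EXTENSIONS for seg in segments):
        return False, "script extension present"
    if len(segments) > 1:
        return False, "multiple extensions"
    if segments[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension '.{segments[-1]}' not allowed"

    return True, "ok"


def storage_name(name: str) -> str:
    """Name to use on disk: a random token plus the validated extension.

    The submitter's own name is used only to decide the extension; it never
    reaches the filesystem, so no sanitization of it has to be perfect.
    Raises ValueError if the name fails validation.
    """
    ok, reason = validate_upload_filename(name)
    if not ok:
        raise ValueError(reason)
    ext = name.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample inputs, showing which names a strict allow list refuses.
    for sample in ["report.pdf", "photo.JPG", "script.php", "photo.jpg.php",
                   "photo.php.jpg", "a\tb.jpg", "../../x.pdf", "my file.pdf"]:
        print(repr(sample), "->", validate_upload_filename(sample))
```

Two design choices matter here. First, the deny list of script extensions is checked against every dotted segment, so a name carrying a script extension anywhere is refused even when its final extension is benign; the allow list then decides what remains. Second, `storage_name` makes the stored filename independent of user input entirely, which is the property a web server needs if it is to avoid ever executing an uploaded file as a script.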
Impact:
Vulnerable Versions:
Contact Form 7 5.3.1 and older versions
Note: Sites having Contact Form 7 installed without the file upload functionality are not vulnerable.
How to Protect Yourself:
Update to plugin version 5.3.2 or the latest.
If you have BitNinja installed on your servers, enable the WAF 2.0 module on the dashboard, sit back, and enjoy the ultimate server security protection.
If you haven’t installed BitNinja on your E2E servers, you can install it on the running nodes; please refer to the link for the steps.
More about BitNinja
How to resolve this Contact Form 7 vulnerability:
We at E2E Networks always encourage our customers to pursue the best practices of security to keep their systems updated, protected, and patched against recognized vulnerabilities.
Official references:
If you have any queries regarding the patching/updates on E2E Networks infrastructure, you may write an email to?[email protected].