The developers of the Contact Form 7 WordPress plugin updated it last week to patch a security vulnerability that allowed unrestricted file uploads in all versions up to and including 5.3.1. If you use this plugin for your website’s contact form, we strongly recommend that you update as soon as possible.
Of course, if you are a client of ours who uses our managed backup and update service, the update has already been taken care of!
With 5+ million users, the Contact Form 7 plugin could prove a popular target for hackers. Whilst the vulnerability is not an easy one to exploit, it is still there unless the update is applied.
However, given time and published proof-of-concept code, exploitation of the vulnerability could become much easier for attackers.
If you would like to discuss this issue, please contact Alex at alex@octagontech.com or on 01522 797520 for a chat.
Alex
Web Support