Contact Form 7: Unrestricted File Upload Vulnerability Found... Update Immediately!


A vulnerability has been discovered in Contact Form 7 5.3.1 and older versions. It allows an attacker to upload unrestricted files (for example a malicious script) that can be used to take over a site, tamper with its database, and so on.


According to

Contact Form 7 is one of the most popular WordPress plugins; it allows its users to add multiple contact forms to their site. The plugin currently has over 5 million active installations, so any vulnerability in it puts millions of websites at risk of being compromised.

What can happen?
Behanan highlighted a few ways this vulnerability might be exploited:

  1.  Possible to upload a web shell and inject malicious scripts
  2.  Complete takeover of the website and server if there is no containerization between websites on the same server
  3.  Defacing the website

How to Fix?
The Contact Form 7 team released a new version of the plugin after recognising the critical nature of the issue. Update your Contact Form 7 plugin to version 5.3.2 or newer.
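As an added example (not code from this advisory or from the Contact Form 7 project), the check below decides whether an installed copy still predates the fixed 5.3.2 release and updates it through WP-CLI; the `wp` command being available and `contact-form-7` being the plugin's slug are the assumed environment.

```shell
#!/bin/sh
# Added example, not part of the advisory: flag a Contact Form 7 install
# whose version is below the fixed release (5.3.2) and update it via WP-CLI.
# Assumes WP-CLI ("wp") is installed and the script runs from the WordPress
# root (or with `wp --path=...` configured). "contact-form-7" is the slug.

FIXED_VERSION="5.3.2"
PLUGIN_SLUG="contact-form-7"

# version_lt A B: return 0 when dotted version A is strictly lower than B.
# Pure POSIX sh (no GNU `sort -V`): compares numeric components left to
# right, treats missing components as 0, ignores suffixes such as "-beta".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # drop non-numeric suffix
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# is_vulnerable VERSION: return 0 when VERSION predates the fix.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_and_update: read the installed version from WP-CLI and update when
# it is vulnerable. Returns 2 if the plugin or WP-CLI is not available.
check_and_update() {
    installed="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || {
        echo "Contact Form 7 not found or WP-CLI unavailable" >&2
        return 2
    }
    if is_vulnerable "$installed"; then
        echo "Contact Form 7 $installed is vulnerable; updating to $FIXED_VERSION or newer"
        wp plugin update "$PLUGIN_SLUG"
    else
        echo "Contact Form 7 $installed already includes the fix"
    fi
}

# Only touch the site when invoked with --run, so the functions can be
# sourced and exercised without WP-CLI present.
if [ "${1:-}" = "--run" ]; then
    check_and_update
fi
```

Run it as `sh check-cf7.sh --run` from the site root; on a multi-site host, loop it over each WordPress path to find every install still below 5.3.2.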

According to Contact Form 7: