A serious vulnerability was found in the popular Contact Form 7 plugin for WordPress, and the plugin needs to be updated immediately. The author of the plugin released a security bug fix on 12/17/20. The latest version of the CF7 plugin is 5.3.2. The security issue is mitigated by updating the plugin to the most recent version. IDP web hosting customers do not need to stress about this issue: our managed WordPress hosting includes WP updates and security bug fixes. Details from the plugin author can be found here:
The vulnerability would allow an attacker to upload a malicious file through the file upload feature in Contact Form 7, which lets users attach a file when submitting a form. The critical issue is classified as an unrestricted file upload bug. The vulnerability could allow the attacker to deface the website, take control of the website or possibly take control of the web server. More details about the security issue can be found here:
Contact Form 7 Plugin Usage
Contact Form 7 is hugely popular. At IDP we install and set up Contact Form 7 on every website we build. The CF7 plugin is quick and easy to use when developing submit forms for websites. We highly recommend this plugin for building WordPress contact forms. The author has addressed the issue quickly and we will continue to use Contact Form 7.
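To confirm that every site on a server is running the fixed release (5.3.2 or later), the plugin header can be read straight from disk. The script below is an added example, not code from IDP or the plugin author; it assumes the standard plugin path, one directory per WordPress site under a common parent, and its function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (5, 3, 2)  # release that contains the fix, per the post above
# Assumption: standard plugin location and main file name in a WordPress install.
PLUGIN_MAIN = Path("wp-content/plugins/contact-form-7/wp-contact-form-7.php")
# Header lines may be prefixed by comment characters such as " * ".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p)

def check_site(site_root):
    """Return (status, version); status is not-installed, unknown, vulnerable or ok."""
    main = Path(site_root) / PLUGIN_MAIN
    if not main.is_file():
        return "not-installed", None
    # WordPress itself only reads the first 8 KB of a plugin file for headers.
    head = main.read_text(encoding="utf-8", errors="replace")[:8192]
    version = parse_version(head)
    if version is None:
        return "unknown", None
    # Pad short versions so that "5.3" compares as 5.3.0.
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return ("ok" if padded >= FIXED_VERSION else "vulnerable"), version

def audit(sites_dir):
    """Check every subdirectory of sites_dir (assumed: one site per directory)."""
    return {p.name: check_site(p) for p in sorted(Path(sites_dir).iterdir()) if p.is_dir()}

def demo():
    """Audit constructed sample installs built in a temporary directory."""
    header = "<?php\n/*\n * Plugin Name: Contact Form 7\n * Version: {}\n */\n"
    samples = [("site-a", "5.3.1"), ("site-b", "5.3.2"), ("site-c", "5.10"), ("site-d", None)]
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples:
            root = Path(tmp) / name
            root.mkdir()
            if ver:  # site-d has no Contact Form 7 installed
                (root / PLUGIN_MAIN).parent.mkdir(parents=True)
                (root / PLUGIN_MAIN).write_text(header.format(ver))
        return audit(tmp)

if __name__ == "__main__":
    for site, (status, ver) in demo().items():
        print(site, status, ver)
```

On a real server, call `audit()` with the directory that holds the site roots and update any site reported as `vulnerable`.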
About the author:
Monte Persinger, Creative Director & President
Monte was one of the original founders of the company in 2003. Monte is a creative talent with 20 years of experience in web design and information technology. He works with clients on a daily basis to develop, maintain and market their websites.
Monte earned a Master’s Degree in Educational Technology from the University of Missouri-Columbia in 2000. During his Master’s Degree program he studied information architecture, HTML, web design, project management and instructional technology.