WordPress.Plugin.Contact.Form.7.Unrestricted.File.Upload
Description
This indicates an attack attempt against an Unrestricted File Upload Vulnerability in WordPress Plugin Contact-Form-7 for WordPress.
The vulnerability is due to insufficient sanitization of user supplied file name when uploading a file. An attacker may exploit this to upload a malicious code on to the vulnerable server and result in remote code execution.
Affected Products
WordPress plugin Contact Form 7 before 5.3.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://contactform7.com/2020/12/17/contact-form-7-532/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |