WordPress Plugin Vulnerabilities
Contact Form 7 < 5.3.2 - Unrestricted File Upload
Description
The popular WordPress plugin, Contact Form 7 was found to be vulnerable to Unrestricted File Upload.
Proof of Concept
Append a unicode special character (from U+0000 [null] to U+001F [us]) to a filename and upload it via the ContactForm7 upload feature
Affects Plugins
Fixed in version 5.3.2
References
Classification
Type
UPLOAD
CWE
Miscellaneous
Original Researcher
Jinson Varghese Behanan
Submitter
Jinson Varghese Behanan
Submitter website
Submitter twitter
Verified
No
Timeline
Publicly Published
2020-12-17 (about 1 years ago)
Added
2020-12-17 (about 1 years ago)
Last Updated
2020-12-21 (about 1 years ago)