WordPress Plugin Vulnerabilities

Contact Form 7 < 5.3.2 - Unrestricted File Upload

Description

The popular WordPress plugin Contact Form 7 was found to be vulnerable to Unrestricted File Upload.

Proof of Concept

Append a Unicode special character (from U+0000 [NUL] to U+001F [US]) to a filename and upload it via the Contact Form 7 upload feature.
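
A defensive check for the filename condition described in the proof of concept, as an added example (not Contact Form 7's code and not its 5.3.2 fix): it rejects any name containing U+0000 to U+001F before the extension allowlist runs. The function name, the allowlist and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example: NOT Contact Form 7's code. validate_upload_filename() and
// the allowlist are hypothetical; the sample filenames are constructed.

/**
 * Returns a safe basename for a client-supplied upload filename,
 * or null when the name must be rejected.
 */
function validate_upload_filename(string $raw, array $allowed_ext): ?string
{
    // 1. Reject (do not strip) any control character U+0000..U+001F.
    //    If a later step stripped it, the stored name would differ from
    //    the name that was validated.
    if (preg_match('/[\x00-\x1F]/', $raw)) {
        return null;
    }

    // 2. Drop any directory component, for both separator styles.
    $name = basename(str_replace('\\', '/', $raw));
    if ($name === '' || $name[0] === '.') {
        return null;
    }

    // 3. Allowlist the final extension, compared case-insensitively.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_ext, true)) {
        return null;
    }
    return $name;
}

$allowed = ['pdf', 'jpg', 'png'];
$samples = ["cv.pdf", "photo.JPG", "cv.pdf\x09", "notes.php\x1F", "notes.php"];
foreach ($samples as $s) {
    $result = validate_upload_filename($s, $allowed);
    // json_encode makes the invisible trailing character visible in the output.
    printf("%-18s => %s\n", json_encode($s), $result ?? 'REJECTED');
}
```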

Affects Plugins

Fixed in 5.3.2

Miscellaneous

Original Researcher
Jinson Varghese Behanan
Submitter
Jinson Varghese Behanan
Verified
No

Timeline

Publicly Published
2020-12-17
Added
2020-12-17
Last Updated
2020-12-21